last executing test programs: 7m17.521453081s ago: executing program 32 (id=311): socket$nl_rdma(0x10, 0x3, 0x14) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kfree\x00', r0}, 0x18) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = socket(0xa, 0x3, 0x3a) newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x4000) stat(&(0x7f0000004280)='./file0\x00', 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000004380), 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004440), 0x0, 0x0) setsockopt$MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1, 0x8, 0x0, 0x401}, 0xc) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f0000000080)=0xc, 0x4) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]}) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x7c, 0x30, 0x1, 0x0, 0x0, {}, [{0x68, 0x1, [@m_mpls={0x64, 0x1, 0x0, 0x0, {{0x9}, {0x38, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x5}}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8847}, @TCA_MPLS_LABEL={0x8, 0x5, 0x199d2}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x7c}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r5}, 0x10) rt_sigpending(0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000003c0)=0x2) readv(r1, &(0x7f0000000600)=[{&(0x7f00000002c0)=""/135, 0xc9}], 0x1) 2m59.605687278s ago: executing program 0 (id=6554): r0 = socket$kcm(0x2, 0x1000000000000002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ced4fbd44e24eb0d34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3a06d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796efea77aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece72f2090000f44a3210223fdae7ed04935c3c90941576aebc8619d73415cda2130f5011e4845505000001000000004f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c040035cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bf463261135e24d154114df1381b02a0dcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f884cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e1700000000000000000000000000000000000000000000000000000520500002952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9a33c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a62415f78000000005f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c81c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b40824095135861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac00000b0000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e5dd921a5eadd4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293d5c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e602c28ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f257aac5af18d8c6b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e29b10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe8e4cd14dc5c1eb98b63198f6f830745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b51c34a5384f2cf51180c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af243b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380ecf1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f558982d57c556ca1427b5960b79990565ca2a20996fcba472213744d3a156979651596afde2b0089f023fcfccd072bd6ea8445fc787390d71ec61d5b7b0f05f6931914bf49aa0d66eff294271a93e32f54f281068514a4cd2d0700a43df59e9924e4affdbd22405e675e9d7cdc10546571131831d4dc8c8363077a908d9ae4f27ff095f5b07667f93a3573d3fabfca58ee0a6b6a691102bb3c7be4dc5b816853275e7ae8c13ec341bad15353fad794b46c4fd73e1b4cc78de2156cb158870d5b8446dae9ba5f7f244e6cf8f6791671057347208a313ebbcb72b04706005670f2b0055e440d72c7c3316982c6ebe8675458cf6bb393b007f5cedb7bc411834600000000000000000000000000a20071b07d568a8150ed646b4978d0226d9651647a5999ae7c7c85322a215fcdb1adbad63499518fe0d10145d430422c78367dfa941f74b63f3884565ac89c673da2c2b1172be5f2cd1f3f453ebddd432bd24c73fa773b739e20fcec16a821230654a383ac1868495f67d942c772ca75e09073dbe9307ff5cac7c2c411149a4d989a8a019e068da218d4bc34e4102fd2f97397331e4cd70b4915582b635f07ca87f00dc929f902540f565c20add8675b79e005cf0277d954697317b907b77fa5d6b7feaebaf676a2a37de8aa70748fee4bc198ffd3e2de11eb0eff896fd94de0805ba6b1054a7b3e300d4581e9af62a1ecaee96d2819b3d192e5b9561eb622da25450f586be14017a1cf74f89a1dd18af004decfe266134c3d036ae7996931fe6008a73ed34c35f0da4ffee1fe63bc1af6ef1b4731d50b8ceb582a1e9c6e8d97f8290cc105754f592d16ccdb1df8636d7ca5e372cea97dd0f005cc7092b126dd46758917fb0d94b8483d403bd451429cc1660f0b5a529d8134dc2702f6d8e2f943d98fbe50a3ba653f13f98a00fcbf311f9758ade8e4eb87b4b9fb2d387f5d8c4bdcab2fff9ed8c9de961fd831a070381c8020352fea7c334b2959ddd956701a7ea415e224a81c9fa1ebbabe74f7743e09b6c8b72650b51d5c2000ef3679c039b3604374fc1af7ab354204afbd24f0e701bc08a98452ce2668617e85e0d876f5a8b6d9b777f1c384d8a9883e4262defb6b9aab8d5b76bc91ca50f87966797da2499ca0ac76707c0408a7b6d8708fe7714988babdc11f"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) setsockopt$sock_attach_bpf(r0, 0x88, 0x67, &(0x7f00000002c0)=r1, 0x4) sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x4e24, @multicast1=0xe000004f}, 0x10, &(0x7f0000000300)=[{0x0}], 0x1, &(0x7f0000000040)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x40}, @dev={0xac, 0x14, 0x14, 0x3a}}}}], 0x20}, 0x4840) 2m59.605102358s ago: executing program 0 (id=6555): close(0xffffffffffffffff) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x5) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x800c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r0}, 0x3d) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x3, 0x4, 0x4, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000940)={r1, 0x2000002, 0x6d, 0x0, &(0x7f00000004c0)="0000008000a4ff111b00000000000c444651168805931983fecd2f226a8cd42fbf38c006bd553d6f9de4034d78872447ea211befac105eec12750afb931b880cd4dc24db1cd98baf30a39be2cce7ced8bdaad35c474fc33bd35e6dbee90c85f06300"/110, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m59.509065077s ago: executing program 0 (id=6556): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000200)='%-5lx \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r1, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000140)='%pI4 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r2}, 0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000540)=ANY=[@ANYBLOB="180200000000000000000000030000008500000017000000b7080000000000007b8af8ff00000000b7080000000000807b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x7, 0x0, &(0x7f0000000100)="e0b9547ed387db", 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m59.503886738s ago: executing program 0 (id=6558): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x36, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000180)={0x3, 0x0}, 0x8) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000380)={r7}, 0x4) 2m59.401311078s ago: executing program 5 (id=6565): bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040800000a00000000425ddd", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r1 = perf_event_open(&(0x7f0000000040)={0x5, 0x80, 0x4, 0x2, 0xf, 0x62, 0x0, 0x7fffffffffffffff, 0x40, 0x8, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x4f, 0x2, @perf_config_ext={0xe, 0x4}, 0x1f97, 0x7, 0xc9, 0x5, 0x2, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x62d}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x1b, &(0x7f00000000c0)=@framed={{}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x3}, @ldst={0x3, 0x2, 0x2, 0x8, 0x8, 0x18}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}, @map_fd={0x18, 0x8, 0x1, 0x0, r0}, @map_idx={0x18, 0x0, 0x5, 0x0, 0x7}, @jmp={0x5, 0x0, 0x1, 0x1, 0x2, 0x20, 0x8}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffffc}]}, &(0x7f00000001c0)='GPL\x00', 0x4, 0x5a, &(0x7f0000000200)=""/90, 0x41000, 0x64, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000380)=[{0x4, 0x2, 0x7, 0x5}, {0x0, 0x4, 0x7, 0xc}], 0x10, 0x40000000}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80102, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x3fe, 0x7ffffffc, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$kcm(0x2, 0x2, 0x0) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000008c0)=0xffffffffffffffff, 0x4) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000900)={0x3, 0x4, 0x4, 0xa, 0x0, r3, 0xa, '\x00', 0x0, r4, 0x5, 0x0, 0x3}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0xfffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$sock(0xffffffffffffffff, 0x0, 0x101d0) sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000a40)={0x2c, 0x7, 0x6, 0x3, 0x0, 0x0, {0x5, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x2c}}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000980)='./cgroup.cpu/syz1\x00', 0x1ff) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000003140)=ANY=[@ANYBLOB="c01800002000010a00000000000000000a0000002c01018028014880ed00a90013466820cd76bb221fbb4acd690c6a8b9c760a61eeec7793b579aefdb936d00f403d3f04637cdb9ac70e28c5dd66ddedde2d0930650e6821f9a26a4a193c1d06a3e75523f901e44fe087ae32c836c6d6ddba3af8e9a2beae8936168f9fa38c395f5cf7408df69c60bf584bee86a6312e9ce866e456c3eda6f2924082d78a2f385bdbd0c9afb54758c102bf13094645fb6aa34d424ec776691fee3d25307f61fed2752babf7c686e8a3d9b59a8343bcf4121bf5cf400a0c1070855fac565cad8968a97ce0a12a1161054d82d0a240b7dedf9ba3cc63e9d1c3b9a8402f7d5b4cafcd48928a3d4a76498900000014007c00ff01000000000000000000000000000108003d00", @ANYRES32=0x0, @ANYBLOB="08001a"], 0x18c0}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2m59.256640302s ago: executing program 5 (id=6570): r0 = socket$packet(0x11, 0x2, 0x300) bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[], 0x70}}, 0x0) 2m59.250568733s ago: executing program 5 (id=6571): bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x8, 0x1, 0x4, 0x0, 0x2004, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2}, 0x50) 2m59.228568555s ago: executing program 5 (id=6572): perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80102, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x3fe, 0x7ffffffc, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}, 0x0, 0x2, 0xfffffffe, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="180000000000000000000000000000009500"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\n'], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) 2m58.865145001s ago: executing program 4 (id=6591): perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x48, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80102, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0}, 0x800, 0x3, 0x0, 0x4, 0x3fe, 0x7ffffffc, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) bpf$PROG_LOAD(0x5, 0x0, 0x0) close(0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, 0x0) socket$kcm(0x10, 0x3, 0x10) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) openat$tun(0xffffffffffffff9c, 0x0, 0x101040, 0x0) socket$kcm(0x1e, 0x4, 0x0) r0 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r0, &(0x7f0000000700)={&(0x7f0000000280)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="280000000000000000000000070000000717a87f000001ac141400e0000001ac1e0001ac1414bb011c000000000000000000000008000000", @ANYRES64=r0], 0x48}, 0x0) 2m58.862592201s ago: executing program 4 (id=6594): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000012c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000ffffffff7a0af0fff8ffff5979a4f0ff00000000b7060000ffffffff2d6405000000000065040400014741001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000004000095000000000000006623848adf1dc9a764ab51a064e0ff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b01ddaa52e8756ad60a07d6f27c125e16d02409819180179714ed0a6e1f0f755d8583da60f27c162dbba0706002ac9170f50f2568836077b7f711a18ebf608d87b885297b6a79819782748b376358c33c9f53bfd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b77aafa63b9dd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd7e43fe1ca8345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1777b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d08428353b1c358ebe73af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d99000000110000fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cece48c38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d637d406160ffaffffffb4e0bde6749aa52c408b74251914c5ff01000000000000b69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000013887ad6d2d440fedce51a3aa57b00ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc36d5aa23bff8cce0600fcff00000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68fd36a03353a55e68ec7c01bd5a2028a8fc107007f3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d90296171fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b44925129677b7b3d2f8e7792c7827862eae80134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2e20ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498d357836f03e8a7c392e535694a3ead2de11e6b1781e2a018c0ada7bc7f0eb2d678f23c07ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f60033fc32f68ea86a2df1e76fe27dfdff1cf9194849c4cc0da9533e5983693e526a7dc0d8728f3b573ca4427bdb44df9341e9b8050e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9247b51d92e0993af4beaf1f3f47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f1a90716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c277648475002e2c62681bd07331422a6e47bbd40857d52c4894944fae5c500000000000000ff00000000de784314b8fd419216b48d0f353c11ae185749fa9ac7dfa16bc5c23a23f74b17a7f1b2d799480f33faa3537a910d6ca02f48b0e69beb1119f106ea59195dbc72e17a5dc8c3d131d82f067e29dc39665dff39fb6347b374aaaf6e65efde3fc6202bf29ccfcb08caf18d668a462493aa82e76affba9c9af31d1c23237aa6eccfadfaf794bb1004c07b21ac6ed77718098b2f722bd05fea3561b86b2838a8de5b4f91d6aba95dc9f4464a024be4d0d8d04f5023e7e19e503624d39a43c7b310de519b4073f300022fee47803989b7e916254e0fb9e1c8b07d8a4b8b692a75a32e6ed2caeaa7c258c47fe6143cd9e90b801eff78cd4e402374e0e4ca07b7f17254e3d2f0a2a1bac6fde8a15e3ef3588065524d41966fb3915e804c53201efee751ec294584d23d9008bdf046f55c030ab941a0b87234a30900000000000068133c76770d5e7dabcc48d47685404cc540535ed70df75c24660d85f9c9a245185c7da217d1c3743db85db67b9b8a8f00af02367429f6f0b53c169c4356751bf68745dbde055e1722ae256ae53ae637a1431855d16dfa91d82a021a4b2dbb50bf6d59fdd0c9bc84cd7d544de2523b6ce8aaeb94bfba75079f7455204ccca02bd389d8409b2effe9b88e301ac4fe28752386a0678a3f54b2bdf56f927ddd6b0ac98b2b505f668597455ada51ba95ab852b49373a11ff31dcd82474b51498f65e0601bcdd23acb4c01bcd2f3e1ad378d14c07d923087d3518369710b70ffb0b523dc4f00f275c381fe1c091e478b04d5e4a9f75b4072acb005a83c2"], 0x0}, 0x94) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000040)="2703022b590241c90000002f1eafbcf706e105000000894f000f1102ee1680ca82973d2bd4b8bf4a8291a14b8a34f90186cee844000000080000000019b0fb0bba", 0x41}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b7d050139bf7ada33cc9e37eed1153ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d3333ce2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90c801681f55ef26cb0000000000000000", 0x87}, {&(0x7f0000000280)="fe112162c63e6da8bc8432294ef18af53cc330a62a2c7035246635093ba4d30fcf19a90804f04a10939db8f4e13069cda6d167bf1b68c94d8d694d6ad1a4d51a715975560ad48770706eb1b88d021e1119f2eb75275cfe77f862368649be0f7aff5e7826729816e3d3e7986d9434f891c71ca6e4210c6757083cfd8e732048c504f28b6d309fc129ed8eb5a82e224eb648f90134d1d315977c6ea360a7fece4baa3dd7dcc970759f29df0e86469e954e2b050e87b203ca27a2a519b7555c3b73f2681d49442d9647ff5ea64110cc5020fdeafe53a7d8be70f3260816bc376bcdc5352771fa55d9733e27730ec7103520e8359c78edd21ee6c68feb3685a55722f5da09ffe8ba9f05081a8d214156376f99906245f2f390ad717979d98f0574f8c5b52dcc2fa494f461be6c2560ddbaafb80c5b4583cbe56d24f14ab78fd718947077ea736251c7b8eee267267534c84daa6f095e94bfb85986a03ddea362cc7e6682884e710727c1163cd4f336c13b844605b7a815fe39e43bd0d2e414410a82958455b8a6bd9194c631d66295675fed64c04107a595c421111a3af6e9fadab5c9", 0x1a1}, {&(0x7f0000000180)="6fe4dd9eeba3271dc700b581440284", 0xfe69}], 0x4}, 0x0) 2m58.800527067s ago: executing program 4 (id=6599): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x3000c041) r1 = socket$kcm(0x10, 0x2, 0x4) r2 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000000000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0) 2m58.757803942s ago: executing program 4 (id=6601): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000040), &(0x7f0000000280)='%pS \x00'}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 2m58.636440223s ago: executing program 4 (id=6605): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r0) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x20008000) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="b4050000fdff7f006110a40000000000c60000000000000095000000000000009f33ef60916e6e713f1e6b0b725ad99b817fd98cd824498949714e32f21dcc4ae5437aca55f21f3ca9e822d182054d54d53cd2b6da714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed00000000000000000000000000000000000000006c63b40e0c00000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f79829c90bd2114252581567acae715cbe1b57d5cda432c5b9443999f7d24195405f2e76ba88454cc9227069ccb7b37b41215c000000003be991e5e897284cdd6043058cec00000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r3, r2, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$kcm(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000300)=""/143, 0x8f}], 0x1}, 0x2) 2m58.634904363s ago: executing program 0 (id=6606): bpf$MAP_CREATE(0x0, 0x0, 0x48) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xb, 0xffffffffffffffff}, 0x8, 0x0, 0x0, 0x0, 0x6, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x400200000000003e}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) perf_event_open(0x0, 0xffffffffffffffff, 0x8, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/12, @ANYRES32, @ANYBLOB="0d00ff0000000000830000000000000045"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x90) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'sit0\x00'}) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f1, &(0x7f0000000080)) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f3, &(0x7f0000000080)) 2m58.472162449s ago: executing program 33 (id=6607): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="0200000004000000020000000c0000000014"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[], 0x70}}, 0x0) 2m58.309958475s ago: executing program 0 (id=6609): r0 = socket$kcm(0x29, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99db"], &(0x7f0000000140)='GPL\x00'}, 0x94) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1}) sendmsg$kcm(r0, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000880)="1a", 0x100000}], 0x1}, 0x0) 2m58.309715966s ago: executing program 34 (id=6609): r0 = socket$kcm(0x29, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99db"], &(0x7f0000000140)='GPL\x00'}, 0x94) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1}) sendmsg$kcm(r0, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000880)="1a", 0x100000}], 0x1}, 0x0) 2m58.306852296s ago: executing program 4 (id=6610): socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee0, 0x4, @perf_bp={0x0, 0x2}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x4, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a7c000000060a030400000000000000000a0000050900010073797a3100000000500004804c0001800b00010074617267657400003c00028024000300733900000455afb9fdd672bad09dfb78c7699c74e891a0c7000000000000000008000240000000000c00010052415445455354000900020073797a32"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) close(0xffffffffffffffff) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000600)}], 0x1}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'wlan1\x00', 0x2000}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0) close(r2) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0) ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110c23003f) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01"], 0x0, 0x3e}, 0x28) write$cgroup_devices(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="80fd"], 0xa) r4 = socket$kcm(0x10, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x78, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x13}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_DEV={0x14, 0x3, 'netdevsim0\x00'}]}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7fff}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x100000000}]}]}], {0x14}}, 0xc0}}, 0x0) r6 = socket$can_bcm(0x1d, 0x2, 0x2) close(r6) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181003100000002200000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x20040040) 2m58.243423202s ago: executing program 35 (id=6610): socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xe4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee0, 0x4, @perf_bp={0x0, 0x2}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x4, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a7c000000060a030400000000000000000a0000050900010073797a3100000000500004804c0001800b00010074617267657400003c00028024000300733900000455afb9fdd672bad09dfb78c7699c74e891a0c7000000000000000008000240000000000c00010052415445455354000900020073797a32"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) close(0xffffffffffffffff) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000600)}], 0x1}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'wlan1\x00', 0x2000}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='io.stat\x00', 0x26e1, 0x0) close(r2) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0) ioctl$TUNSETOFFLOAD(r3, 0xc004743e, 0x110c23003f) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01"], 0x0, 0x3e}, 0x28) write$cgroup_devices(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="80fd"], 0xa) r4 = socket$kcm(0x10, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x78, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x13}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_DEV={0x14, 0x3, 'netdevsim0\x00'}]}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7fff}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x100000000}]}]}], {0x14}}, 0xc0}}, 0x0) r6 = socket$can_bcm(0x1d, 0x2, 0x2) close(r6) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181003100000002200000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x20040040) 2m58.237058892s ago: executing program 5 (id=6611): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0xa54a9d76e5e2e84, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xa, 0x4, 0xfff, 0x7}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 2m55.651762287s ago: executing program 5 (id=6614): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000000700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000015c0)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000140), &(0x7f0000000180)=r0}, 0x20) 2m55.651620317s ago: executing program 36 (id=6614): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='devices.list\x00', 0x26e1, 0x0) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000000700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000015c0)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000140), &(0x7f0000000180)=r0}, 0x20) 2m49.692060585s ago: executing program 6 (id=6824): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000040)="2703022b590241c90000002f1eafbcf706e1050000008847000f1102ee1680ca82973d2bd4b8bf4a8291a14b8a34f90186cee844000000080000000019b0fb0bba", 0x41}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b7d050139bf7ada33cc9e37eed1153ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d3333ce2ef36205dd154e3", 0x44}, {&(0x7f0000000280)="fe112162c63e6da8bc8432294ef18af53cc330a62a2c7035246635093ba4d30fcf19a90804f04a10939db8f4e13069cda6d167bf1b68c94d8d694d6ad1a4d51a715975560ad48770706eb1b88d021e1119f2eb75275cfe77f862368649be0f7aff5e7826729816e3d3e7986d9434f891c71ca6e4210c6757083cfd8e732048c504f28b6d309fc129ed8eb5a82e224eb648f90134d1d315977c6ea360a7fece4baa3dd7dcc970759f29df0e86469e954e2b050e87b203ca27a2a519b7555c3b73f2681d49442d9647ff5ea64110cc5020fdeafe53a7d8be70f3260816bc376bcdc5352771fa55d9733e27730ec7103520e8359c78edd21ee6c68feb3685a55722f5da09ffe8ba9f05081a8d214156376f99906245f2f390ad717979d98f0574f8c5b52dcc2fa494f461be6c2560ddbaafb80c5b4583cbe56d24f14ab78fd718947077ea736251c7b8eee267267534c84daa6f095e94bfb85986a03ddea362cc7e6682884e710727c1163cd4f336c13b844605b7a815fe39e43bd0d2e414410a82958455b8a6bd9194c631d66295675fed64c04107a595c421111a3af6e9fadab5c9", 0x1a1}, {&(0x7f0000000180)="6fe4dd9eeba3271dc700b581440284", 0xf}], 0x4}, 0x0) 2m49.580785145s ago: executing program 6 (id=6829): write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe33) perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x49, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_config_ext={0x7c, 0x4}, 0x2, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0xa00000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) socket$kcm(0xa, 0x3, 0x106) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150300000000050005000000"], 0x5c}}, 0x0) socket$kcm(0x10, 0x2, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d31, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x9}, 0x202, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x8, 0xffffffffffffffff, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[], 0x0, 0x18, 0x0, 0x1}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x2, 0x1, 0x100, &(0x7f0000000440)) perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x52, 0x1, 0x0, 0x0, 0x0, 0x7ff0, 0x82, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b6d, 0x1, @perf_config_ext={0x407fff, 0xaea}, 0x14105, 0x2e, 0xfffffbff, 0x1, 0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa9e6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r1 = socket$kcm(0x2b, 0x1, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r2, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x1401, 0x201, 0x70bd2d, 0x25dfdbfe}, 0x10}}, 0x0) setsockopt$sock_attach_bpf(r3, 0x0, 0x4, 0x0, 0xffffffffffffffa8) setsockopt$sock_attach_bpf(r1, 0x0, 0x4, 0x0, 0x0) r4 = socket$kcm(0x2, 0x5, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x2, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) sendmsg$inet(r4, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xff}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x3e8) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={0x0, 0x0, 0x43}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94) 2m49.383678485s ago: executing program 6 (id=6840): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="1802000000000000000000000000100085000000180000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000080)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m49.309177083s ago: executing program 6 (id=6842): bpf$PROG_LOAD(0x5, 0x0, 0x0) 2m49.308268522s ago: executing program 6 (id=6844): r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x0, 0x0, 0x8, 0x3fe, 0x7fffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000001380)="39b3", 0x2}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="10000000000000001100000002000000100000000000000001ac2036c67ce14400000002000000"], 0x20}, 0x40880) perf_event_open(&(0x7f0000000440)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x100, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0) close(r0) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@getsa={0x28, 0x12, 0x1, 0x70bd28, 0x25dfdbfe, {@in6=@mcast1, 0x4d6, 0x2, 0x32}}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 2m49.147348519s ago: executing program 6 (id=6850): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x7}, 0x0) 2m48.542658548s ago: executing program 7 (id=6875): bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0xc, 0x0, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000002}, 0x94) 2m48.493265123s ago: executing program 7 (id=6879): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="340000000506010100000000000000000000000a050001"], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000080) 2m48.485184864s ago: executing program 7 (id=6881): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x5}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000040)="2703022b590241c90000002f1eafbcf706e1050000008847000f1102ee1680ca82973d2bd4b8bf4a8291a14b8a34f90186cee844000000080000000019b0fb0bba", 0x41}, {&(0x7f0000000440)="63f805d7649496db72959832930469edc7b7d050139bf7ada33cc9e37eed1153ecb716cdb8981cd819af0b33254465cc904b7b31789d65c0e0d3333ce2ef36205dd154e363bcadf8f2ea93f45503c6d9fd8dfe5a638cfeb9f79c930a4d18260e5a08ffd35ed8371cff78119319b2b62c7cd9378c73ae90", 0x77}, {&(0x7f0000000280)="fe112162c63e6da8bc8432294ef18af53cc330a62a2c7035246635093ba4d30fcf19a90804f04a10939db8f4e13069cda6d167bf1b68c94d8d694d6ad1a4d51a715975560ad48770706eb1b88d021e1119f2eb75275cfe77f862368649be0f7aff5e7826729816e3d3e7986d9434f891c71ca6e4210c6757083cfd8e732048c504f28b6d309fc129ed8eb5a82e224eb648f90134d1d315977c6ea360a7fece4baa3dd7dcc970759f29df0e86469e954e2b050e87b203ca27a2a519b7555c3b73f2681d49442d9647ff5ea64110cc5020fdeafe53a7d8be70f3260816bc376bcdc5352771fa55d9733e27730ec7103520e8359c78edd21ee6c68feb3685a55722f5da09ffe8ba9f05081a8d214156376f99906245f2f390ad717979d98f0574f8c5b52dcc2fa494f461be6c2560ddbaafb80c5b4583cbe56d24f14ab78fd718947077ea736251c7b8eee267267534c84daa6f095e94bfb85986a03ddea362cc7e6682884e710727c1163cd4f336c13b844605b7a815fe39e43bd0d2e414410a82958455b8a6bd9194c631d66295675fed64c04107a595c421111a3af6e9fadab5c9", 0x1a1}, {&(0x7f0000000180)="6fe4dd9eeba3271dc700b581440284", 0xf}], 0x4}, 0x0) 2m48.444384068s ago: executing program 7 (id=6883): close(0xffffffffffffffff) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x5) perf_event_open(&(0x7f00000003c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x800c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='hrtimer_start\x00', r0}, 0x3d) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair(0x3, 0x4, 0x4, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000940)={r1, 0x2000002, 0x6d, 0x0, &(0x7f00000004c0)="0000008000a4ff111b00000000000c444651168805931983fecd2f226a8cd42fbf38c006bd553d6f9de4034d78872447ea211befac105eec12750afb931b880cd4dc24db1cd98baf30a39be2cce7ced8bdaad35c474fc33bd35e6dbee90c85f06300"/110, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m48.387355673s ago: executing program 7 (id=6886): r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0xa38, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000780)='./file0/../file0\x00', 0x0, 0xa06002, 0x0) 2m48.229234239s ago: executing program 7 (id=6891): bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0xc, 0x3, &(0x7f0000000800)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000002}, 0x94) 2m34.124718749s ago: executing program 37 (id=6850): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x7}, 0x0) 2m33.075551403s ago: executing program 38 (id=6891): bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0xc, 0x3, &(0x7f0000000800)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1000002}, 0x94) 2.415387692s ago: executing program 9 (id=12168): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x2aa40, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={'pim6reg1\x00', 0x2}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r2}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast}) 2.026568261s ago: executing program 9 (id=12174): r0 = socket$inet6(0xa, 0x2, 0xfffffffe) fchown(0xffffffffffffffff, 0x0, 0xee01) perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0xfd, 0x0, 0xff, 0x0, 0x100, 0x10020, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x8}, 0x2140, 0x0, 0xffffffff, 0x3, 0x2, 0x1, 0x1}, 0x0, 0x4, 0xffffffffffffffff, 0xa) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xb, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2d00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000001c0)='ata_eh_link_autopsy\x00', r1}, 0x18) socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0) ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0) ioctl$sock_ipv6_tunnel_SIOCADD6RD(0xffffffffffffffff, 0x89f9, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/pm_wakeup_irq', 0x0, 0xb) r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x0) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001600)={r2, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09d0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r0, @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) creat(&(0x7f0000000140)='./file0\x00', 0x106) lsetxattr$trusted_overlay_redirect(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x1) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000080)) llistxattr(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000012c0), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) memfd_secret(0x0) unshare(0x8040480) r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000040)={[0x5]}, 0x8, 0x800) io_setup(0x81, &(0x7f0000000b80)=0x0) io_submit(r5, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}]) 1.923764331s ago: executing program 3 (id=12176): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1067, 0x80, 0x4, 0x224}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_OPENAT2={0x1c, 0x40, 0x0, 0xffffffffffffffff, &(0x7f00000004c0)={0x200000, 0x158, 0x18}, 0x0, 0x18, 0x0, 0x23456}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x18) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r6, 0x0, 0x97}, 0x18) prlimit64(0x0, 0xd, &(0x7f0000000340)={0xcf44, 0xfffffffffffffff7}, 0x0) r7 = io_uring_setup(0x1020, &(0x7f00000000c0)={0x0, 0x6a0d, 0x3000, 0x1, 0x387}) io_uring_register$IORING_REGISTER_RESIZE_RINGS(r7, 0x21, &(0x7f0000000340)={0x0, 0x2fc3f, 0x10, 0x2, 0x377, 0x0, r7}, 0x1) ioctl$AUTOFS_IOC_FAIL(r5, 0x9361, 0x596) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', r8, 0x0, 0x1034}, 0x18) r10 = socket$netlink(0x10, 0x3, 0x14) r11 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40) pwritev2(r11, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x0, 0x5404, 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r9, 0xc020662a, &(0x7f0000000440)={0x3fffffffbfb, 0x5, 0x5, 0x5, 0x1, 0x0, [{0x800000002, 0xab8, 0x5, '\x00', 0x102}]}) r12 = syz_genetlink_get_family_id$nl80211(0x0, r10) sendmsg$NL80211_CMD_SET_CQM(r11, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={&(0x7f0000000580)={0xf0, r12, 0x200, 0x70bd28, 0x25dfdbf8, {{}, {@void, @val={0xc, 0x99, {0xe985, 0x74}}}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x100}]}, @NL80211_ATTR_CQM={0x18, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0x9, 0xfffffffc]}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x26}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x3}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x6ac}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x4}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x704}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x2b8}]}, @NL80211_ATTR_CQM={0x28, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0xf}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0xd}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x2}, @NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0x8, 0x7]}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x22}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0xb}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0xb20}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x6}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x1f}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x7}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x56}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x33a}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0xb778}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x3e}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x20008090}, 0x8000) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a2f000000000800410072786500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8844) r13 = syz_genetlink_get_family_id$gtp(&(0x7f0000000140), 0xffffffffffffffff) r14 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000280)='\x00', &(0x7f00000002c0)={0x2c2742, 0x21, 0x2}, 0x18) open_tree(r14, &(0x7f0000000500)='./file1\x00', 0x100) sendmsg$GTP_CMD_ECHOREQ(r10, 0x0, 0x81) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r13, 0x20, 0x70bd28, 0x25dfdbff, {}, [@GTPA_PEER_ADDR6={0x14, 0xb, @mcast1}]}, 0x28}, 0x1, 0x0, 0x0, 0x8800}, 0x24000001) 1.850568158s ago: executing program 9 (id=12180): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f00000009c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ec0)={&(0x7f0000000100)='kfree\x00', r1, 0x0, 0x6}, 0x18) r2 = syz_io_uring_setup(0xbc3, &(0x7f0000000540)={0x0, 0x1568, 0x10000, 0x2, 0x264}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x10000000000002a8, 0x8, 0x1, {0x2}}) io_uring_enter(r2, 0x29ab, 0xd480, 0x0, 0x0, 0x0) 1.849522198s ago: executing program 3 (id=12181): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r2}, 0x18) sendmsg$nl_route_sched(r1, 0x0, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r3, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x38, 0x2c, 0xf31, 0x600, 0x25dfcbfb, {0x0, 0x0, 0x0, r6, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 1.816025242s ago: executing program 9 (id=12182): r0 = socket(0x18, 0x4, 0x0) connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x2, @multicast, 'vcan0\x00'}}, 0x1e) syz_genetlink_get_family_id$devlink(&(0x7f0000000380), r0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x5, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095", @ANYRES64=r0, @ANYRES16=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x49, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff9}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000000), r1) fchdir(0xffffffffffffffff) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x10, 0x0) sendmsg$NFC_CMD_DEP_LINK_UP(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000700)=ANY=[@ANYBLOB='<\x00\x00', @ANYRES16=r2, @ANYBLOB="01002abd7000fbdbdf250400000005000a0000000000080001"], 0x3c}, 0x1, 0x0, 0x0, 0x26040041}, 0x40) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0x68, 0x0, 0x400, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_SSID={0x12, 0x34, @random="0e556cd39e04d837ea630820720d"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_SSID={0x8, 0x34, @random="ee4ee5f2"}, @NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac}]}, 0x68}, 0x1, 0x0, 0x0, 0x4040}, 0x24000005) 1.766377686s ago: executing program 3 (id=12184): r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x1f9}, &(0x7f0000000000)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r0, 0x0, 0x0, 0x64, 0x183000, 0x12345}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.534200009s ago: executing program 3 (id=12187): r0 = openat$selinux_load(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040)) write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x44f0) 1.42511096s ago: executing program 3 (id=12188): perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x828, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) ioctl$TUNSETIFF(r0, 0xb701, 0x0) 1.408763402s ago: executing program 8 (id=12189): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket(0x23, 0x800, 0xfffffbcd) recvmmsg(r1, &(0x7f0000002840)=[{{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000001080)=""/4096, 0x1000}], 0x1}, 0x2}], 0x1, 0x10120, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x300000c, 0x3032, 0xffffffffffffffff, 0x0) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0700000004000000080200000e"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7030000ec000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r4}, 0x18) r5 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x5}, 0x2004c000) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmmsg(r5, &(0x7f0000000000), 0x4000000000001f2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r6, &(0x7f0000000040), 0x10) listen(r6, 0x0) r7 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r7, &(0x7f0000000080), 0x10) sendmmsg(r7, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094) r8 = accept4$unix(r6, 0x0, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="00000000e300000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000002340)={0x11, 0xf, &(0x7f0000000440)=ANY=[@ANYBLOB="00bf377b568d", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000002140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r9}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000086f4c1d81f34a6789666f8c25e5ea22047eb968145cf8769f61a000021c0db9fcd4fd4bee16d91d04cdb09b7c8d93f7d24027d54d9c8d03ca10ed2805e8f85ddb0405123755a8bdf7331e6925c7a58ff0cc961a0971031a06d79758cc9731fbc2d1dcbae1041915ff84fde830b1d98961778e0bdb4be2b516bb6fc796c89037f2f949a5c9e44722766b77366fcb303589f201e31f8ff000000000000000000000000000000000000000000518070bd86c3c250904857c6b6baf51c9dcb0990263d082c5b1d4951162d3c9f27391251b3e70985801fe0a2c1665e4e3da2d6a4652ebfe93eec985dfd7de0441de5381f8fa4d6518b65499e9b5f6ae69c18db5aee5fee7a2d42c6aef49dff440597733c9d53063a79d528fe0342c46842e0c9cbdd304bbbf8d7dd369bd73ebca0642fc7fa0bf387f8de6f03484baddcf1b13ece67c7cefa0564af34cdba8b1a254d292497fbb2a270a92cf0990b2fd81efaf8932e1e3a7f365ef0f4ca7d46ef648da5fe0cd4c9e17bdee98d802f8540256db723986b8b050694aa04185c2adff271b9c0f2a5db21b55c5cfd94dabfb2589067b8186359ea035bc108719f1b05f99ba3333457969e9f72d91029f3ba1c4b061faaf00a", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) recvfrom$unix(r8, &(0x7f0000000140)=""/263, 0x107, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 1.21985559s ago: executing program 8 (id=12190): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100"/30, @ANYRES32=0x0, @ANYBLOB="000800000000000003000000000000000000000000000000fd"], 0xfc}}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x6, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1000}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x27, &(0x7f0000000000)=""/114}, 0xa8) 1.194319963s ago: executing program 8 (id=12191): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000540)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0x9}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000080)={r2, 0x33280000}, 0x8) (fail_nth: 2) 921.82135ms ago: executing program 8 (id=12192): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1067, 0x80, 0x4, 0x224}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_OPENAT2={0x1c, 0x40, 0x0, 0xffffffffffffffff, &(0x7f00000004c0)={0x200000, 0x158, 0x18}, 0x0, 0x18, 0x0, 0x23456}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x18) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6, 0x0, 0x97}, 0x18) prlimit64(0x0, 0xd, 0x0, 0x0) r7 = io_uring_setup(0x1020, &(0x7f00000000c0)={0x0, 0x6a0d, 0x3000, 0x1, 0x387}) io_uring_register$IORING_REGISTER_RESIZE_RINGS(r7, 0x21, &(0x7f0000000340)={0x0, 0x2fc3f, 0x10, 0x2, 0x377, 0x0, r7}, 0x1) ioctl$AUTOFS_IOC_FAIL(r5, 0x9361, 0x596) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', r8, 0x0, 0x1034}, 0x18) r10 = socket$netlink(0x10, 0x3, 0x14) r11 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40) pwritev2(r11, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x0, 0x5404, 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r9, 0xc020662a, &(0x7f0000000440)={0x3fffffffbfb, 0x5, 0x5, 0x5, 0x1, 0x0, [{0x800000002, 0xab8, 0x5, '\x00', 0x102}]}) r12 = syz_genetlink_get_family_id$nl80211(0x0, r10) sendmsg$NL80211_CMD_SET_CQM(r11, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={&(0x7f0000000580)={0xf0, r12, 0x200, 0x70bd28, 0x25dfdbf8, {{}, {@void, @val={0xc, 0x99, {0xe985, 0x74}}}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x100}]}, @NL80211_ATTR_CQM={0x18, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0x9, 0xfffffffc]}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x26}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x3}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x6ac}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x4}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x704}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x2b8}]}, @NL80211_ATTR_CQM={0x28, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0xf}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0xd}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x2}, @NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0x8, 0x7]}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x22}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0xb}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0xb20}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x6}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x1f}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x7}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x56}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x33a}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0xb778}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x3e}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x20008090}, 0x8000) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a2f000000000800410072786500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8844) r13 = syz_genetlink_get_family_id$gtp(&(0x7f0000000140), 0xffffffffffffffff) r14 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000280)='\x00', &(0x7f00000002c0)={0x2c2742, 0x21, 0x2}, 0x18) open_tree(r14, &(0x7f0000000500)='./file1\x00', 0x100) sendmsg$GTP_CMD_ECHOREQ(r10, 0x0, 0x81) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r13, 0x20, 0x70bd28, 0x25dfdbff, {}, [@GTPA_PEER_ADDR6={0x14, 0xb, @mcast1}]}, 0x28}, 0x1, 0x0, 0x0, 0x8800}, 0x24000001) 878.567934ms ago: executing program 9 (id=12193): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x1000850, &(0x7f0000000040)={[{@errors_remount}, {@discard}]}, 0x1, 0x512, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tdcxGRFX87dNRcTXvhzxzeRg3ObO7vpirVbdysuVVn2z0tzZvb5WX1ytrlY35ufn3lh4c+H1hdks90TtLPUyP/nS529/+lu/u/Hna99uV+tzH4lC9LXjJHWbXuhsi572Nto6jWAj0PvMC6OuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//yLg4A8=") 771.935584ms ago: executing program 8 (id=12194): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c983885c93ea4ab4ca1e02d831ae162ee104"], &(0x7f0000000100)='GPL\x00'}, 0x41) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, 0x0, 0x0) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, 0x0, &(0x7f00000000c0)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18) r3 = syz_io_uring_setup(0x601d, &(0x7f00000006c0)={0x0, 0x7758, 0x1000, 0x8007, 0x1bf}, &(0x7f0000000300)=0x0, &(0x7f0000000680)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1}) io_uring_enter(r3, 0x10007b0f, 0x96f0, 0x20, 0x0, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00') sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRES8=r0], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) 674.301854ms ago: executing program 9 (id=12196): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000180)={0x3, 0x0}, 0x8) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000380)={r6}, 0x4) 613.49285ms ago: executing program 1 (id=12197): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x4, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000ff610000000000000600000085000000200000009500000000000000"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000180)={'fscrypt:', @desc2}, &(0x7f0000000340)={0x0, "69dcaf20127e9a854528f45826cb35be51ca73845d177dd8dba7221daeccfda56b75cfe286fdd14cb5b11b1cab614fec2236da7d88ea0f0700", 0x3f}, 0x48, 0xfffffffffffffffe) mq_open(&(0x7f0000000040)='%(\x00', 0x40, 0x40, &(0x7f0000000080)={0xf5, 0x3, 0x3, 0x619}) keyctl$search(0xa, r3, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0) unshare(0x24020400) socket$vsock_stream(0x28, 0x1, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x12, 0xfa00, {0x2, &(0x7f0000000080)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r4, 0x0, 0x3, 0x4000}}, 0x20) 571.011024ms ago: executing program 1 (id=12199): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x17, &(0x7f0000000080)=0x1, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18) r3 = memfd_create(&(0x7f0000000280)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) write$binfmt_script(r3, &(0x7f0000001880)={'#! ', './file0'}, 0xb) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000480)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000080)='sys_enter\x00', r4}, 0x10) mlockall(0x7) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x60001800}, 0x0) getsockname$packet(r6, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xfff1, 0xffff}, {0x4}}}, 0x24}, 0x1, 0xfffc}, 0x4000800) r8 = socket$inet6(0xa, 0x3, 0x3c) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r10}, 0x10) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) connect$inet6(r8, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 528.783308ms ago: executing program 3 (id=12202): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x59, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5e8, &(0x7f0000001200)="$eJzs3c9vFdUeAPDv3P6gpbzXQl7ee7iQJsZAorS0gCHGBWwNafBH3Lix0oJIgYbWaNGEkuDGxLgxxsSVC/G/UCJbVrpy4caVISFqWJp4zdzOlP6Y2x+X207T+XySS2fOmeGc4fLtOXPuOXMDqKzB9I9axMGImE4i+pP5xbzOyDIHF4579OdH59NXEvX6a78nkWRp+fFJ9rMvO7knIn78IYkDHavLnZm7cXl8amryerY/PHtlenhm7sbRS1fGL05enLw6+sLoqZMnTp4aOdbSdd0sSDt7+933+z8Ze/Obr/5KRr79ZSyJ0/FyduDS62iXwRhs/Jskq7P6TrW7sJJ0ZP9Plr7FSWeJFWJT8vevKyL+F/3REY/fvP74+JVSKwdsqXoSUQcqKhH/UFF5PyC/t195H1wrpVcCbIeHZxYGAFbHf+fC2GD0NMYG9j5KYumwThIRrY3MLbcvIu7fG7t94d7Y7diicTig2PytiPh/UfwnjfgfiJ4YaMR/bVn8p/2Cc9nPNP3VFstfOVQs/mH7LMR/z5rxH03i/60l8f92i+UPPt58p3dZ/Pe2ekkAAAAAAABQWXfPRMTzRZ//1xbn/0TB/J++iDjdhvIHV+yv/vy/9qANxQAFHp6JeKlw/m8tn/070JFt/asxH6AruXBpavJYRPw7Io5E1550f2SNMo5+euDLZnmD2fy//JWWfz+bC5jV40HnnuXnTIzPjj/pdQMRD29FPFU4/zdZbP+TgvY//X0wvcEyDjx751yzvPXjH9gq9a8jDhe2/4+fWpGs/XyO4UZ/YDjvFaz29Ieffdes/Fbj3yMm4Mml7f/eteN/IFn6vJ6ZzZdxfK6z3iyv1f5/d/J645Ez3VnaB+Ozs9dHIrqTsx1p6rL00c3XGXajPB7yeEnj/8gza4//FfX/eyNifsXfnfyxfE1x7r9/9/3arD76/1CeNP4nNtX+b35j9M7A983K31j7f6LR1h/JUoz/wYIv8jDtXp5eEI6dRVnbXV8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2A1qEbEvktrQ4natNjQU0RcR/4m9talrM7PPXbj23tWJNK/x/f+1/Jt++xf2k/z7/weW7I+u2D8eEfsj4vOO3sb+0PlrUxNlXzwAAAAAAAAAAAAAAAAAAADsEH1N1v+nfusou3bAlussuwJAaQri/6cy6gFsP+0/VJf4h+oS/1Bd4h+qq8X472p3PYDtp/2H6hL/UF3iHwAAAAAAdpX9h+7+nETE/Iu9jVeqO8szvwd2t1rZFQBK4xE/UF2m/kB1uccHknXye5qetN6Za5k+/wQnAwAAAAAAAAAAAEDlHD5o/T9UlfX/UF3W/0N15ev/D5VcD2D7uccHYp2V/IXr/9c9CwAAAAAAAAAAAABop5m5G5fHp6Ymr9t4Y2dUox0b6Tu7kYPr9frNxrEtlbVnB1zpjtrIp8LvlPqs2MjX+m3srNJ+JQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACv8EwAA//8IGSKz") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x1002002, 0x0) dup(r3) socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000240)={{{@in6=@local, @in6=@private0}}, {{@in6=@ipv4={""/10, ""/2, @initdev}}, 0x0, @in=@initdev}}, &(0x7f0000000340)=0xe8) openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) sendfile(r1, r0, 0x0, 0x7ffff000) 486.323843ms ago: executing program 1 (id=12204): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1067, 0x80, 0x4, 0x224}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_OPENAT2={0x1c, 0x40, 0x0, 0xffffffffffffffff, &(0x7f00000004c0)={0x200000, 0x158, 0x18}, 0x0, 0x18, 0x0, 0x23456}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x18) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6, 0x0, 0x97}, 0x18) prlimit64(0x0, 0xd, 0x0, 0x0) r7 = io_uring_setup(0x1020, &(0x7f00000000c0)={0x0, 0x6a0d, 0x3000, 0x1, 0x387}) io_uring_register$IORING_REGISTER_RESIZE_RINGS(r7, 0x21, &(0x7f0000000340)={0x0, 0x2fc3f, 0x10, 0x2, 0x377, 0x0, r7}, 0x1) ioctl$AUTOFS_IOC_FAIL(r5, 0x9361, 0x596) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000b00)='kmem_cache_free\x00', r8, 0x0, 0x1034}, 0x18) r10 = socket$netlink(0x10, 0x3, 0x14) r11 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x143142, 0x40) pwritev2(r11, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x0, 0x5404, 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r9, 0xc020662a, &(0x7f0000000440)={0x3fffffffbfb, 0x5, 0x5, 0x5, 0x1, 0x0, [{0x800000002, 0xab8, 0x5, '\x00', 0x102}]}) r12 = syz_genetlink_get_family_id$nl80211(0x0, r10) sendmsg$NL80211_CMD_SET_CQM(r11, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000480)={&(0x7f0000000580)={0xf0, r12, 0x200, 0x70bd28, 0x25dfdbf8, {{}, {@void, @val={0xc, 0x99, {0xe985, 0x74}}}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x100}]}, @NL80211_ATTR_CQM={0x18, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0x9, 0xfffffffc]}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x26}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x3}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x6ac}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x4}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x704}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x2b8}]}, @NL80211_ATTR_CQM={0x28, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0xf}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0xd}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x2}, @NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0x8, 0x7]}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x22}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0xb}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0xb20}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x6}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x1f}]}, @NL80211_ATTR_CQM={0x2c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x7}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x56}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x33a}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0xb778}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x3e}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x20008090}, 0x8000) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a2f000000000800410072786500140033007465616d5f736c6176655f30"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x8844) r13 = syz_genetlink_get_family_id$gtp(&(0x7f0000000140), 0xffffffffffffffff) r14 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000280)='\x00', &(0x7f00000002c0)={0x2c2742, 0x21, 0x2}, 0x18) open_tree(r14, &(0x7f0000000500)='./file1\x00', 0x100) sendmsg$GTP_CMD_ECHOREQ(r10, 0x0, 0x81) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r13, 0x20, 0x70bd28, 0x25dfdbff, {}, [@GTPA_PEER_ADDR6={0x14, 0xb, @mcast1}]}, 0x28}, 0x1, 0x0, 0x0, 0x8800}, 0x24000001) 285.056223ms ago: executing program 2 (id=12205): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, 0x0, &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r2}, 0x18) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r3, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x38, 0x2c, 0xf31, 0x600, 0x25dfcbfb, {0x0, 0x0, 0x0, r6, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 274.381774ms ago: executing program 1 (id=12206): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x17, &(0x7f0000000080)=0x1, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x1, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2, 0x0, 0x2}, 0x18) r3 = memfd_create(&(0x7f0000000280)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) write$binfmt_script(r3, &(0x7f0000001880)={'#! ', './file0'}, 0xb) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) socket$nl_route(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000480)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000080)='sys_enter\x00', r4}, 0x10) mlockall(0x7) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x60001800}, 0x0) getsockname$packet(r6, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x24, 0x24, 0xf1d, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xfff1, 0xffff}, {0x4}}}, 0x24}, 0x1, 0xfffc}, 0x4000800) r8 = socket$inet6(0xa, 0x3, 0x3c) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r10}, 0x10) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) connect$inet6(r8, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 261.788075ms ago: executing program 8 (id=12207): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x59, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5e8, &(0x7f0000001200)="$eJzs3c9vFdUeAPDv3P6gpbzXQl7ee7iQJsZAorS0gCHGBWwNafBH3Lix0oJIgYbWaNGEkuDGxLgxxsSVC/G/UCJbVrpy4caVISFqWJp4zdzOlP6Y2x+X207T+XySS2fOmeGc4fLtOXPuOXMDqKzB9I9axMGImE4i+pP5xbzOyDIHF4579OdH59NXEvX6a78nkWRp+fFJ9rMvO7knIn78IYkDHavLnZm7cXl8amryerY/PHtlenhm7sbRS1fGL05enLw6+sLoqZMnTp4aOdbSdd0sSDt7+933+z8Ze/Obr/5KRr79ZSyJ0/FyduDS62iXwRhs/Jskq7P6TrW7sJJ0ZP9Plr7FSWeJFWJT8vevKyL+F/3REY/fvP74+JVSKwdsqXoSUQcqKhH/UFF5PyC/t195H1wrpVcCbIeHZxYGAFbHf+fC2GD0NMYG9j5KYumwThIRrY3MLbcvIu7fG7t94d7Y7diicTig2PytiPh/UfwnjfgfiJ4YaMR/bVn8p/2Cc9nPNP3VFstfOVQs/mH7LMR/z5rxH03i/60l8f92i+UPPt58p3dZ/Pe2ekkAAAAAAABQWXfPRMTzRZ//1xbn/0TB/J++iDjdhvIHV+yv/vy/9qANxQAFHp6JeKlw/m8tn/070JFt/asxH6AruXBpavJYRPw7Io5E1550f2SNMo5+euDLZnmD2fy//JWWfz+bC5jV40HnnuXnTIzPjj/pdQMRD29FPFU4/zdZbP+TgvY//X0wvcEyDjx751yzvPXjH9gq9a8jDhe2/4+fWpGs/XyO4UZ/YDjvFaz29Ieffdes/Fbj3yMm4Mml7f/eteN/IFn6vJ6ZzZdxfK6z3iyv1f5/d/J645Ez3VnaB+Ozs9dHIrqTsx1p6rL00c3XGXajPB7yeEnj/8gza4//FfX/eyNifsXfnfyxfE1x7r9/9/3arD76/1CeNP4nNtX+b35j9M7A983K31j7f6LR1h/JUoz/wYIv8jDtXp5eEI6dRVnbXV8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2A1qEbEvktrQ4natNjQU0RcR/4m9talrM7PPXbj23tWJNK/x/f+1/Jt++xf2k/z7/weW7I+u2D8eEfsj4vOO3sb+0PlrUxNlXzwAAAAAAAAAAAAAAAAAAADsEH1N1v+nfusou3bAlussuwJAaQri/6cy6gFsP+0/VJf4h+oS/1Bd4h+qq8X472p3PYDtp/2H6hL/UF3iHwAAAAAAdpX9h+7+nETE/Iu9jVeqO8szvwd2t1rZFQBK4xE/UF2m/kB1uccHknXye5qetN6Za5k+/wQnAwAAAAAAAAAAAEDlHD5o/T9UlfX/UF3W/0N15ev/D5VcD2D7uccHYp2V/IXr/9c9CwAAAAAAAAAAAABop5m5G5fHp6Ymr9t4Y2dUox0b6Tu7kYPr9frNxrEtlbVnB1zpjtrIp8LvlPqs2MjX+m3srNJ+JQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACv8EwAA//8IGSKz") r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x1) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0) write(r1, &(0x7f0000004200)='t', 0x1) sendfile(r1, r0, 0x0, 0x3ffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x1002002, 0x0) dup(r3) socket$nl_netfilter(0x10, 0x3, 0xc) openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) sendfile(r1, r0, 0x0, 0x7ffff000) 230.972337ms ago: executing program 2 (id=12208): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8000}, 0x40800) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) 180.101113ms ago: executing program 2 (id=12209): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x4, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000ff610000000000000600000085000000200000009500000000000000"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000180)={'fscrypt:', @desc2}, &(0x7f0000000340)={0x0, "69dcaf20127e9a854528f45826cb35be51ca73845d177dd8dba7221daeccfda56b75cfe286fdd14cb5b11b1cab614fec2236da7d88ea0f0700", 0x3f}, 0x48, 0xfffffffffffffffe) mq_open(&(0x7f0000000040)='%(\x00', 0x40, 0x40, &(0x7f0000000080)={0xf5, 0x3, 0x3, 0x619}) keyctl$search(0xa, r3, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0) unshare(0x24020400) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000540)={0x0, 0x12, 0xfa00, {0x2, &(0x7f0000000080)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r5, 0x0, 0x3, 0x4000}}, 0x20) 140.307197ms ago: executing program 2 (id=12210): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x34, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELFLOWTABLE={0x48, 0x16, 0xa, 0x101, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth1_to_bond\x00'}]}]}]}], {0x14, 0x10}}, 0xc4}, 0x1, 0x0, 0x0, 0x20040841}, 0x0) 120.916869ms ago: executing program 2 (id=12211): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec85"], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) 97.262551ms ago: executing program 1 (id=12212): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x78) socket$kcm(0x10, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x1000850, &(0x7f0000000040)={[{@errors_remount}, {@discard}]}, 0x1, 0x512, &(0x7f0000000380)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tdcxGRFX87dNRcTXvhzxzeRg3ObO7vpirVbdysuVVn2z0tzZvb5WX1ytrlY35ufn3lh4c+H1hdks90TtLPUyP/nS529/+lu/u/Hna99uV+tzH4lC9LXjJHWbXuhsi572Nto6jWAj0PvMC6OuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//yLg4A8=") 36.363687ms ago: executing program 2 (id=12213): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x2) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) link(0x0, 0x0) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(0xffffffffffffffff, 0x1e, 0x0, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) copy_file_range(r3, 0x0, r3, 0xffffffffffffffff, 0x7, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000004000000080000000b"], 0x48) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f0000000640)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x24, 0x0, 0x800, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x1, 0x60}, @val={0x8, 0x3, r5}, @void}}, ["", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x20000014) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000002000000000000000000000a030000000000000000000011"], 0x0, 0x32, 0x0, 0x1}, 0x28) write$binfmt_misc(r0, &(0x7f0000000380)="5177ffbb3f9d99816588a9fbd3f55ae825493d63ddc6eb5e9103a1c387892e48e8d82de82e79c21558dd33a1b58492110aa188239567c51ef1df53eecac02440b914839a9381ee2279dc4ff0dfa3f5293de41183c122eac9f33ffa23d166338d7333dfae1248ec514f86d41f9efe52c7d47240fb7072bff350741d551469b068851145b5598ae353149dbd1d53a84f80d425399814c580aa39571068cb4b72604096ad515329983bdf7215a0c877ca2b127693a3859c7b9da1145b03fd3b037169915b7823d528fdc70565838af9e0de403190712375b1a742f986766a70832264b2cb84a166", 0xe6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) write$cgroup_int(0xffffffffffffffff, 0x0, 0x2) fcntl$notify(r0, 0x402, 0x0) socket$kcm(0x21, 0x2, 0x2) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x8042, 0x1fe) r7 = open(&(0x7f0000000180)='./file1\x00', 0x143142, 0x0) splice(r7, 0x0, r6, 0x0, 0x9b, 0x0) getsockopt$inet6_int(r7, 0x29, 0x5, &(0x7f0000000200), &(0x7f0000000480)=0x4) syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100)={[{@resuid}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T") 0s ago: executing program 1 (id=12214): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a000000000000", @ANYBLOB="000800000000000003000000000000000000000000000000fd"], 0xfc}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x7, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1000}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}]}, &(0x7f0000000080)='syzkaller\x00', 0x3, 0x72, &(0x7f0000000000)=""/114}, 0x94) kernel console output (not intermixed with test programs): 88][T32601] EXT4-fs (loop9): orphan cleanup on readonly fs [ 475.433348][T32586] EXT4-fs (loop3): mount failed [ 475.442049][T32601] EXT4-fs error (device loop9): ext4_do_update_inode:5624: inode #16: comm syz.9.11633: corrupted inode contents [ 475.456476][T32601] EXT4-fs (loop9): Remounting filesystem read-only [ 475.463652][T32601] EXT4-fs (loop9): 1 truncate cleaned up [ 475.469788][ T37] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 475.470624][T32618] team0: No ports can be present during mode change [ 475.480496][ T37] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 475.498506][ T37] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started [ 475.509679][T32601] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 475.537716][T32618] team0 (unregistering): Port device team_slave_0 removed [ 475.545677][T26610] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 475.561673][T32618] team0 (unregistering): Port device team_slave_1 removed [ 475.632645][T32637] nfs: Unexpected value for 'acl' [ 475.641282][T32639] pim6reg1: entered promiscuous mode [ 475.646707][T32639] pim6reg1: entered allmulticast mode [ 475.808627][T32663] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 475.840029][T32667] siw: device registration error -23 [ 475.971698][T32682] netlink: 'syz.9.11667': attribute type 7 has an invalid length. [ 475.982885][T32682] loop9: detected capacity change from 0 to 512 [ 475.993094][T32682] EXT4-fs (loop9): revision level too high, forcing read-only mode [ 476.001136][T32682] EXT4-fs (loop9): orphan cleanup on readonly fs [ 476.009159][T32682] EXT4-fs error (device loop9): ext4_do_update_inode:5624: inode #16: comm syz.9.11667: corrupted inode contents [ 476.021755][T32682] EXT4-fs (loop9): Remounting filesystem read-only [ 476.028607][T32682] EXT4-fs (loop9): 1 truncate cleaned up [ 476.034498][ T60] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 476.045274][ T60] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 476.055995][ T60] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started [ 476.066973][T32682] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 476.098245][T26610] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 476.118351][T32690] pim6reg1: entered promiscuous mode [ 476.123829][T32690] pim6reg1: entered allmulticast mode [ 476.165745][T32697] loop9: detected capacity change from 0 to 1024 [ 476.180654][T32697] ext3: Unknown parameter 'subj_type' [ 476.246897][T32702] siw: device registration error -23 [ 476.848722][T32760] loop2: detected capacity change from 0 to 764 [ 476.901814][T32763] loop3: detected capacity change from 0 to 512 [ 476.932779][T32763] EXT4-fs (loop3): orphan cleanup on readonly fs [ 476.936498][T32746] lo speed is unknown, defaulting to 1000 [ 476.947616][T32763] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.11702: bg 0: block 248: padding at end of block bitmap is not set [ 476.975646][T32763] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.11702: Failed to acquire dquot type 1 [ 477.007543][T32763] EXT4-fs (loop3): 1 truncate cleaned up [ 477.015123][T32763] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 477.119602][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 477.319026][ T317] SELinux: failed to load policy [ 477.369037][ T329] !yz!: rxe_newlink: already configured on team_slave_0 [ 477.552815][ T352] FAULT_INJECTION: forcing a failure. [ 477.552815][ T352] name failslab, interval 1, probability 0, space 0, times 0 [ 477.565721][ T352] CPU: 1 UID: 0 PID: 352 Comm: syz.2.11725 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 477.565769][ T352] Tainted: [W]=WARN [ 477.565778][ T352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 477.565796][ T352] Call Trace: [ 477.565805][ T352] [ 477.565815][ T352] __dump_stack+0x1d/0x30 [ 477.565919][ T352] dump_stack_lvl+0xe8/0x140 [ 477.565944][ T352] dump_stack+0x15/0x1b [ 477.565992][ T352] should_fail_ex+0x265/0x280 [ 477.566039][ T352] should_failslab+0x8c/0xb0 [ 477.566076][ T352] kmem_cache_alloc_node_noprof+0x57/0x4a0 [ 477.566171][ T352] ? __alloc_skb+0x101/0x320 [ 477.566206][ T352] __alloc_skb+0x101/0x320 [ 477.566236][ T352] ? audit_log_start+0x342/0x720 [ 477.566264][ T352] audit_log_start+0x3a0/0x720 [ 477.566296][ T352] ? kstrtouint+0x76/0xc0 [ 477.566340][ T352] audit_seccomp+0x48/0x100 [ 477.566380][ T352] ? __seccomp_filter+0x82d/0x1250 [ 477.566419][ T352] __seccomp_filter+0x83e/0x1250 [ 477.566490][ T352] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 477.566527][ T352] ? vfs_write+0x7e8/0x960 [ 477.566565][ T352] __secure_computing+0x82/0x150 [ 477.566642][ T352] syscall_trace_enter+0xcf/0x1e0 [ 477.566677][ T352] do_syscall_64+0xac/0x200 [ 477.566710][ T352] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 477.566747][ T352] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 477.566814][ T352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.566870][ T352] RIP: 0033:0x7ff93a00eec9 [ 477.566891][ T352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 477.566916][ T352] RSP: 002b:00007ff938a77038 EFLAGS: 00000246 ORIG_RAX: 000000000000012e [ 477.566942][ T352] RAX: ffffffffffffffda RBX: 00007ff93a265fa0 RCX: 00007ff93a00eec9 [ 477.566959][ T352] RDX: 0000000000000000 RSI: 000000000000000e RDI: 0000000000000000 [ 477.566998][ T352] RBP: 00007ff938a77090 R08: 0000000000000000 R09: 0000000000000000 [ 477.567013][ T352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 477.567025][ T352] R13: 00007ff93a266038 R14: 00007ff93a265fa0 R15: 00007ffec5a13708 [ 477.567058][ T352] [ 477.923477][ T377] loop2: detected capacity change from 0 to 764 [ 477.941146][ T377] iso9660: Unknown parameter '9p' [ 477.970068][ T384] FAULT_INJECTION: forcing a failure. [ 477.970068][ T384] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 477.974782][ T387] __nla_validate_parse: 10 callbacks suppressed [ 477.974805][ T387] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11741'. [ 477.983295][ T384] CPU: 0 UID: 0 PID: 384 Comm: syz.1.11739 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 477.983338][ T384] Tainted: [W]=WARN [ 477.983345][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 477.983424][ T384] Call Trace: [ 477.983435][ T384] [ 477.983447][ T384] __dump_stack+0x1d/0x30 [ 477.983479][ T384] dump_stack_lvl+0xe8/0x140 [ 477.983538][ T384] dump_stack+0x15/0x1b [ 477.983561][ T384] should_fail_ex+0x265/0x280 [ 477.983622][ T384] should_fail+0xb/0x20 [ 477.983815][ T384] should_fail_usercopy+0x1a/0x20 [ 477.983847][ T384] _copy_from_user+0x1c/0xb0 [ 477.983882][ T384] __copy_msghdr+0x244/0x300 [ 477.983926][ T384] ___sys_sendmsg+0x109/0x1d0 [ 477.983995][ T384] __sys_sendmmsg+0x178/0x300 [ 477.984052][ T384] __x64_sys_sendmmsg+0x57/0x70 [ 477.984095][ T384] x64_sys_call+0x1c4a/0x3000 [ 477.984126][ T384] do_syscall_64+0xd2/0x200 [ 477.984184][ T384] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 477.984225][ T384] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 477.984324][ T384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.984356][ T384] RIP: 0033:0x7f5e662aeec9 [ 477.984378][ T384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 477.984405][ T384] RSP: 002b:00007f5e64d17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 477.984433][ T384] RAX: ffffffffffffffda RBX: 00007f5e66505fa0 RCX: 00007f5e662aeec9 [ 477.984533][ T384] RDX: 0000000000000001 RSI: 00002000000032c0 RDI: 0000000000000003 [ 477.984551][ T384] RBP: 00007f5e64d17090 R08: 0000000000000000 R09: 0000000000000000 [ 477.984569][ T384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 477.984587][ T384] R13: 00007f5e66506038 R14: 00007f5e66505fa0 R15: 00007ffc9af891a8 [ 477.984624][ T384] [ 478.055948][ T374] netlink: 'syz.8.11736': attribute type 10 has an invalid length. [ 478.218234][ T374] macvlan1: entered promiscuous mode [ 478.250917][ T374] bond0: (slave macvlan1): Enslaving as an active interface with an up link [ 478.336951][ T418] netlink: 12 bytes leftover after parsing attributes in process `syz.8.11752'. [ 478.379079][ T418] netlink: 44 bytes leftover after parsing attributes in process `syz.8.11752'. [ 478.471276][ T421] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 478.490821][ T432] pim6reg1: entered promiscuous mode [ 478.496320][ T432] pim6reg1: entered allmulticast mode [ 478.567117][ T426] !yz!: rxe_newlink: already configured on team_slave_0 [ 478.601104][ T445] pim6reg1: entered promiscuous mode [ 478.606444][ T445] pim6reg1: entered allmulticast mode [ 478.750529][ T455] netlink: 24 bytes leftover after parsing attributes in process `syz.9.11769'. [ 478.776206][ T467] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 478.813567][ T471] pim6reg1: entered promiscuous mode [ 478.819059][ T471] pim6reg1: entered allmulticast mode [ 478.865028][ T29] kauditd_printk_skb: 304 callbacks suppressed [ 478.865047][ T29] audit: type=1400 audit(1760349054.374:50660): avc: denied { connect } for pid=454 comm="syz.9.11769" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 478.904700][ T455] netlink: 4 bytes leftover after parsing attributes in process `syz.9.11769'. [ 479.058909][ T492] loop2: detected capacity change from 0 to 512 [ 479.077384][ T492] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 479.098622][ T492] EXT4-fs (loop2): orphan cleanup on readonly fs [ 479.151149][ T492] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.11784: corrupted inode contents [ 479.201449][ T492] EXT4-fs (loop2): Remounting filesystem read-only [ 479.254044][ T504] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=504 comm=syz.9.11787 [ 479.255989][ T492] EXT4-fs (loop2): 1 truncate cleaned up [ 479.274260][ T3671] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 479.285149][ T3671] Quota error (device loop2): write_blk: dquota write failed [ 479.292771][ T3671] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries [ 479.303357][ T3671] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 479.314019][ T3671] Quota error (device loop2): write_blk: dquota write failed [ 479.321549][ T3671] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list [ 479.331974][ T3671] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 479.342286][ T3671] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 479.372515][ T510] netlink: 996 bytes leftover after parsing attributes in process `syz.9.11789'. [ 479.374002][ T3671] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 479.415428][ T515] loop3: detected capacity change from 0 to 512 [ 479.423433][ T492] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 479.436928][ T511] pim6reg1: entered promiscuous mode [ 479.442388][ T511] pim6reg1: entered allmulticast mode [ 479.450276][ T515] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 479.465738][ T515] EXT4-fs (loop3): orphan cleanup on readonly fs [ 479.490401][ T515] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #16: comm syz.3.11792: corrupted inode contents [ 479.509155][ T515] EXT4-fs (loop3): Remounting filesystem read-only [ 479.519629][T25687] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 479.544094][ T515] EXT4-fs (loop3): 1 truncate cleaned up [ 479.549985][ T60] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 479.560765][ T60] Quota error (device loop3): write_blk: dquota write failed [ 479.568197][ T60] Quota error (device loop3): remove_free_dqentry: Can't write block (5) with free entries [ 479.578309][ T60] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 479.588890][ T60] Quota error (device loop3): write_blk: dquota write failed [ 479.615949][ T60] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 479.627219][ T515] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 479.669311][ T526] netlink: 32 bytes leftover after parsing attributes in process `syz.2.11794'. [ 479.683492][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 479.731431][ T536] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11801'. [ 479.767622][ T538] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=538 comm=syz.9.11802 [ 479.770907][ T536] netlink: 44 bytes leftover after parsing attributes in process `syz.2.11801'. [ 480.015864][ T562] FAULT_INJECTION: forcing a failure. [ 480.015864][ T562] name failslab, interval 1, probability 0, space 0, times 0 [ 480.028676][ T562] CPU: 1 UID: 0 PID: 562 Comm: syz.9.11810 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 480.028719][ T562] Tainted: [W]=WARN [ 480.028728][ T562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 480.028742][ T562] Call Trace: [ 480.028748][ T562] [ 480.028756][ T562] __dump_stack+0x1d/0x30 [ 480.028778][ T562] dump_stack_lvl+0xe8/0x140 [ 480.028871][ T562] dump_stack+0x15/0x1b [ 480.028895][ T562] should_fail_ex+0x265/0x280 [ 480.029006][ T562] should_failslab+0x8c/0xb0 [ 480.029041][ T562] kmem_cache_alloc_node_noprof+0x57/0x4a0 [ 480.029070][ T562] ? __alloc_skb+0x101/0x320 [ 480.029151][ T562] __alloc_skb+0x101/0x320 [ 480.029181][ T562] ? audit_log_start+0x342/0x720 [ 480.029209][ T562] audit_log_start+0x3a0/0x720 [ 480.029230][ T562] ? kstrtouint+0x76/0xc0 [ 480.029275][ T562] audit_seccomp+0x48/0x100 [ 480.029314][ T562] ? __seccomp_filter+0x82d/0x1250 [ 480.029347][ T562] __seccomp_filter+0x83e/0x1250 [ 480.029390][ T562] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 480.029428][ T562] ? vfs_write+0x7e8/0x960 [ 480.029473][ T562] __secure_computing+0x82/0x150 [ 480.029502][ T562] syscall_trace_enter+0xcf/0x1e0 [ 480.029539][ T562] do_syscall_64+0xac/0x200 [ 480.029587][ T562] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 480.029615][ T562] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 480.029645][ T562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.029742][ T562] RIP: 0033:0x7f7e0da7eec9 [ 480.029762][ T562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 480.029787][ T562] RSP: 002b:00007f7e0c4e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 480.029814][ T562] RAX: ffffffffffffffda RBX: 00007f7e0dcd5fa0 RCX: 00007f7e0da7eec9 [ 480.029832][ T562] RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffffffffffffffff [ 480.029849][ T562] RBP: 00007f7e0c4e7090 R08: 0000000000000000 R09: 0000000000000000 [ 480.029866][ T562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 480.029933][ T562] R13: 00007f7e0dcd6038 R14: 00007f7e0dcd5fa0 R15: 00007ffd897ee558 [ 480.029958][ T562] [ 480.281591][ T60] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.294808][ T548] lo speed is unknown, defaulting to 1000 [ 480.335080][ T60] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.353619][ T568] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11812'. [ 480.398333][ T60] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.465226][ T585] loop2: detected capacity change from 0 to 512 [ 480.492788][ T60] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.512104][ T585] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 480.537059][ T594] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 480.549619][ T585] ext4 filesystem being mounted at /598/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 480.578313][ T585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 480.586795][ T585] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 480.606236][ T590] syzkaller0: entered promiscuous mode [ 480.611902][ T590] syzkaller0: entered allmulticast mode [ 480.632775][ T585] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #2: comm syz.2.11819: corrupted inode contents [ 480.646689][ T548] chnl_net:caif_netlink_parms(): no params data found [ 480.652560][ T585] EXT4-fs error (device loop2): ext4_dirty_inode:6509: inode #2: comm syz.2.11819: mark_inode_dirty error [ 480.673798][ T585] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #2: comm syz.2.11819: corrupted inode contents [ 480.686821][ T585] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.11819: mark_inode_dirty error [ 480.705973][ T585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 480.714700][ T585] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 480.729072][ T585] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 480.763844][ T606] pim6reg1: entered promiscuous mode [ 480.769238][ T606] pim6reg1: entered allmulticast mode [ 480.776341][ T609] loop9: detected capacity change from 0 to 512 [ 480.776938][ T548] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.789795][ T548] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.797221][ T548] bridge_slave_0: entered allmulticast mode [ 480.803250][ T609] EXT4-fs (loop9): revision level too high, forcing read-only mode [ 480.803861][ T548] bridge_slave_0: entered promiscuous mode [ 480.811511][ T609] EXT4-fs (loop9): orphan cleanup on readonly fs [ 480.818850][ T548] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.830891][ T548] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.838282][ T548] bridge_slave_1: entered allmulticast mode [ 480.840324][ T609] EXT4-fs error (device loop9): ext4_do_update_inode:5624: inode #16: comm syz.9.11826: corrupted inode contents [ 480.845166][ T548] bridge_slave_1: entered promiscuous mode [ 480.862833][ T609] EXT4-fs (loop9): Remounting filesystem read-only [ 480.870249][ T609] EXT4-fs (loop9): 1 truncate cleaned up [ 480.876049][ T2870] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 480.886727][ T2870] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 480.897995][ T2870] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started [ 480.909054][ T609] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 480.936821][T26610] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 480.939271][ T548] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 480.955476][ T60] bridge_slave_1: left allmulticast mode [ 480.961264][ T60] bridge_slave_1: left promiscuous mode [ 480.967113][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.984258][ T60] bridge_slave_0: left allmulticast mode [ 480.990018][ T60] bridge_slave_0: left promiscuous mode [ 480.995869][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 481.091534][ T617] !yz!: rxe_newlink: already configured on team_slave_0 [ 481.104550][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 481.123203][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 481.133645][ T60] bond0 (unregistering): (slave macvlan1): Releasing backup interface [ 481.144102][ T60] bond0 (unregistering): Released all slaves [ 481.154147][ T548] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 481.192320][ T626] netlink: 'syz.9.11833': attribute type 7 has an invalid length. [ 481.199072][ T548] team0: Port device team_slave_0 added [ 481.218195][ T548] team0: Port device team_slave_1 added [ 481.239138][ T626] loop9: detected capacity change from 0 to 512 [ 481.263525][ T60] hsr_slave_0: left promiscuous mode [ 481.269639][ T60] hsr_slave_1: left promiscuous mode [ 481.275956][ T626] EXT4-fs (loop9): revision level too high, forcing read-only mode [ 481.286865][ T60] veth1_macvtap: left promiscuous mode [ 481.292749][ T60] veth0_macvtap: left promiscuous mode [ 481.298452][ T626] EXT4-fs (loop9): orphan cleanup on readonly fs [ 481.305207][ T60] veth1_vlan: left promiscuous mode [ 481.310594][ T60] veth0_vlan: left promiscuous mode [ 481.326234][ T626] EXT4-fs error (device loop9): ext4_do_update_inode:5624: inode #16: comm syz.9.11833: corrupted inode contents [ 481.346885][ T626] EXT4-fs (loop9): Remounting filesystem read-only [ 481.354061][ T626] EXT4-fs (loop9): 1 truncate cleaned up [ 481.359969][ T2870] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 481.370585][ T2870] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 481.382078][ T2870] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started [ 481.397904][ T626] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 481.416537][ T585] Process accounting paused [ 481.438660][T25687] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 481.484688][T26610] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 481.506790][ T60] team0 (unregistering): Port device team_slave_1 removed [ 481.529257][ T60] team0 (unregistering): Port device team_slave_0 removed [ 481.666273][ T548] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 481.673494][ T548] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 481.699850][ T548] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 481.770910][ T548] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 481.778055][ T548] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 481.805498][ T548] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 481.948787][ T548] hsr_slave_0: entered promiscuous mode [ 481.976188][ T548] hsr_slave_1: entered promiscuous mode [ 482.010515][ T548] debugfs: 'hsr0' already exists in 'hsr' [ 482.016607][ T548] Cannot create hsr debugfs directory [ 482.069093][ T60] IPVS: stop unused estimator thread 0... [ 482.145729][ T60] ------------[ cut here ]------------ [ 482.151462][ T60] WARNING: CPU: 1 PID: 60 at net/xfrm/xfrm_state.c:3306 xfrm_state_fini+0x179/0x1f0 [ 482.161153][ T60] Modules linked in: [ 482.165281][ T60] CPU: 1 UID: 0 PID: 60 Comm: kworker/u8:4 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 482.177377][ T60] Tainted: [W]=WARN [ 482.181443][ T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 482.191678][ T60] Workqueue: netns cleanup_net [ 482.197001][ T60] RIP: 0010:xfrm_state_fini+0x179/0x1f0 [ 482.202646][ T60] Code: 48 8d bb 70 0e 00 00 e8 65 a8 b7 fc 48 8b bb 70 0e 00 00 e8 e9 53 c4 fc 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 38 51 9c fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 2a 51 9c fc 90 0f 0b 90 4c 89 f7 e8 2e [ 482.222584][ T60] RSP: 0018:ffffc900001d3c60 EFLAGS: 00010293 [ 482.228844][ T60] RAX: ffffffff84baee48 RBX: ffff88811908de00 RCX: ffff88810199b180 [ 482.237091][ T60] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88811908ec40 [ 482.245106][ T60] RBP: ffffffff86c91000 R08: 0001ffff8684802f R09: 0000000000000000 [ 482.253255][ T60] R10: ffffc900001d3be8 R11: 0001c900001d3be8 R12: ffffffff86c91020 [ 482.261546][ T60] R13: ffff88811908de28 R14: ffff88811908ec40 R15: ffff88811908de00 [ 482.269590][ T60] FS: 0000000000000000(0000) GS:ffff8882aef3a000(0000) knlGS:0000000000000000 [ 482.278649][ T60] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 482.285411][ T60] CR2: 00007f7e0dcc11df CR3: 000000012e782000 CR4: 00000000003506f0 [ 482.293665][ T60] DR0: 0000200000000300 DR1: 0000200000000300 DR2: 0000200000000300 [ 482.302291][ T60] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 482.310535][ T60] Call Trace: [ 482.314052][ T60] [ 482.317040][ T60] xfrm_net_exit+0x2d/0x60 [ 482.321658][ T60] ops_undo_list+0x27b/0x410 [ 482.326327][ T60] cleanup_net+0x2f4/0x4f0 [ 482.330824][ T60] process_scheduled_works+0x4ce/0x9d0 [ 482.336413][ T60] worker_thread+0x582/0x770 [ 482.341061][ T60] kthread+0x489/0x510 [ 482.345251][ T60] ? finish_task_switch+0xad/0x2b0 [ 482.350452][ T60] ? __pfx_worker_thread+0x10/0x10 [ 482.355630][ T60] ? __pfx_kthread+0x10/0x10 [ 482.360429][ T60] ret_from_fork+0x122/0x1b0 [ 482.365231][ T60] ? __pfx_kthread+0x10/0x10 [ 482.369944][ T60] ret_from_fork_asm+0x1a/0x30 [ 482.374806][ T60] [ 482.378050][ T60] ---[ end trace 0000000000000000 ]--- [ 482.659619][ T548] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 482.674127][ T691] loop3: detected capacity change from 0 to 1024 [ 482.678298][ T548] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 482.686208][ T691] EXT4-fs: Ignoring removed orlov option [ 482.711954][ T691] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 482.739519][ T548] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 482.772727][ T548] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 482.946458][ T693] infiniband syz!: set down [ 482.951137][ T693] infiniband syz!: added team_slave_0 [ 483.007834][ T548] 8021q: adding VLAN 0 to HW filter on device bond0 [ 483.023775][ T693] RDS/IB: syz!: added [ 483.074604][ T548] 8021q: adding VLAN 0 to HW filter on device team0 [ 483.128381][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 483.135635][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 483.219568][ T3671] bridge0: port 2(bridge_slave_1) entered blocking state [ 483.226683][ T3671] bridge0: port 2(bridge_slave_1) entered forwarding state [ 483.237261][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 483.268517][ T548] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 483.279131][ T548] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 483.311725][ T705] loop3: detected capacity change from 0 to 512 [ 483.344354][ T705] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 483.360421][ T705] EXT4-fs (loop3): orphan cleanup on readonly fs [ 483.390231][ T705] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #16: comm syz.3.11862: corrupted inode contents [ 483.409866][ T548] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 483.425238][ T705] EXT4-fs (loop3): Remounting filesystem read-only [ 483.440108][ T716] __nla_validate_parse: 3 callbacks suppressed [ 483.440129][ T716] netlink: 24 bytes leftover after parsing attributes in process `syz.9.11865'. [ 483.466823][ T705] EXT4-fs (loop3): 1 truncate cleaned up [ 483.472781][ T2870] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 483.483678][ T2870] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 483.506862][ T719] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=719 comm=syz.9.11865 [ 483.537409][ T2870] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 483.570897][ T705] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 483.618848][ T726] loop9: detected capacity change from 0 to 512 [ 483.630981][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 483.682737][ T726] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 483.708555][ T737] FAULT_INJECTION: forcing a failure. [ 483.708555][ T737] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 483.719473][ T740] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11871'. [ 483.722277][ T737] CPU: 0 UID: 0 PID: 737 Comm: syz.1.11870 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 483.722334][ T737] Tainted: [W]=WARN [ 483.722343][ T737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 483.722362][ T737] Call Trace: [ 483.722371][ T737] [ 483.722382][ T737] __dump_stack+0x1d/0x30 [ 483.722412][ T737] dump_stack_lvl+0xe8/0x140 [ 483.722506][ T737] dump_stack+0x15/0x1b [ 483.722540][ T737] should_fail_ex+0x265/0x280 [ 483.722645][ T737] should_fail+0xb/0x20 [ 483.722734][ T737] should_fail_usercopy+0x1a/0x20 [ 483.722766][ T737] _copy_from_user+0x1c/0xb0 [ 483.722821][ T737] __copy_msghdr+0x244/0x300 [ 483.722865][ T737] ___sys_sendmsg+0x109/0x1d0 [ 483.722927][ T737] __sys_sendmmsg+0x178/0x300 [ 483.723056][ T737] __x64_sys_sendmmsg+0x57/0x70 [ 483.723100][ T737] x64_sys_call+0x1c4a/0x3000 [ 483.723132][ T737] do_syscall_64+0xd2/0x200 [ 483.723165][ T737] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 483.723223][ T737] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 483.723256][ T737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.723341][ T737] RIP: 0033:0x7f5e662aeec9 [ 483.723381][ T737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 483.723408][ T737] RSP: 002b:00007f5e64d17038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 483.723435][ T737] RAX: ffffffffffffffda RBX: 00007f5e66505fa0 RCX: 00007f5e662aeec9 [ 483.723453][ T737] RDX: 0000000000000001 RSI: 00002000000032c0 RDI: 0000000000000003 [ 483.723471][ T737] RBP: 00007f5e64d17090 R08: 0000000000000000 R09: 0000000000000000 [ 483.723490][ T737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 483.723508][ T737] R13: 00007f5e66506038 R14: 00007f5e66505fa0 R15: 00007ffc9af891a8 [ 483.723542][ T737] [ 483.732933][ T726] ext4 filesystem being mounted at /571/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 483.870706][ T748] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11874'. [ 483.881136][ T726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 483.883654][ T749] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=749 comm=syz.2.11871 [ 483.892103][ T726] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 484.042053][ T548] veth0_vlan: entered promiscuous mode [ 484.056784][ T726] EXT4-fs error (device loop9): ext4_do_update_inode:5624: inode #2: comm syz.9.11867: corrupted inode contents [ 484.057698][ T548] veth1_vlan: entered promiscuous mode [ 484.085881][ T726] EXT4-fs error (device loop9): ext4_dirty_inode:6509: inode #2: comm syz.9.11867: mark_inode_dirty error [ 484.088144][ T548] veth0_macvtap: entered promiscuous mode [ 484.104695][ T726] EXT4-fs error (device loop9): ext4_do_update_inode:5624: inode #2: comm syz.9.11867: corrupted inode contents [ 484.118252][ T726] EXT4-fs error (device loop9): __ext4_ext_dirty:206: inode #2: comm syz.9.11867: mark_inode_dirty error [ 484.118805][ T548] veth1_macvtap: entered promiscuous mode [ 484.132596][ T726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 484.144333][ T726] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 484.154529][ T726] !yz!: rxe_newlink: already configured on team_slave_0 [ 484.157945][ T548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 484.173624][ T548] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 484.185888][ T2870] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.195233][ T2870] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.205308][ T2870] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.216258][ T2870] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.225254][ T29] kauditd_printk_skb: 242 callbacks suppressed [ 484.225269][ T29] audit: type=1400 audit(1760349059.389:50878): avc: denied { ioctl } for pid=755 comm="syz.2.11876" path="pid:[4026532386]" dev="nsfs" ino=4026532386 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 484.265878][ T29] audit: type=1400 audit(1760349059.426:50879): avc: denied { mounton } for pid=548 comm="syz-executor" path="/root/syzkaller.Yltilv/syz-tmp" dev="sda1" ino=2091 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 484.291053][ T29] audit: type=1400 audit(1760349059.426:50880): avc: denied { mount } for pid=548 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 484.314467][ T29] audit: type=1400 audit(1760349059.436:50881): avc: denied { mount } for pid=548 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 484.336859][ T29] audit: type=1400 audit(1760349059.436:50882): avc: denied { mounton } for pid=548 comm="syz-executor" path="/root/syzkaller.Yltilv/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 484.364481][ T29] audit: type=1400 audit(1760349059.436:50883): avc: denied { mounton } for pid=548 comm="syz-executor" path="/root/syzkaller.Yltilv/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=114606 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 484.394022][ T29] audit: type=1400 audit(1760349059.482:50884): avc: denied { mounton } for pid=548 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=536 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 484.417034][ T29] audit: type=1400 audit(1760349059.482:50885): avc: denied { mount } for pid=548 comm="syz-executor" name="/" dev="gadgetfs" ino=4523 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 484.439789][ T29] audit: type=1400 audit(1760349059.501:50886): avc: denied { add_name } for pid=548 comm="syz-executor" name="syz8" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 484.464726][ T29] audit: type=1400 audit(1760349059.501:50887): avc: denied { associate } for pid=548 comm="syz-executor" name="syz8" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 484.525821][ T773] siw: device registration error -23 [ 484.588343][ T779] siw: device registration error -23 [ 484.605941][ T781] loop8: detected capacity change from 0 to 512 [ 484.613171][ T781] EXT4-fs: Ignoring removed nobh option [ 484.637211][ T781] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #3: comm syz.8.11882: corrupted inode contents [ 484.650448][ T781] EXT4-fs error (device loop8): ext4_dirty_inode:6509: inode #3: comm syz.8.11882: mark_inode_dirty error [ 484.662896][ T781] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #3: comm syz.8.11882: corrupted inode contents [ 484.675456][ T781] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #3: comm syz.8.11882: mark_inode_dirty error [ 484.684109][ T787] netlink: 60 bytes leftover after parsing attributes in process `syz.1.11884'. [ 484.687721][ T781] EXT4-fs error (device loop8): ext4_acquire_dquot:6945: comm syz.8.11882: Failed to acquire dquot type 0 [ 484.695990][ T787] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11884'. [ 484.711156][ T781] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.11882: corrupted inode contents [ 484.716862][ T787] netlink: 60 bytes leftover after parsing attributes in process `syz.1.11884'. [ 484.730016][ T781] EXT4-fs error (device loop8): ext4_dirty_inode:6509: inode #16: comm syz.8.11882: mark_inode_dirty error [ 484.750405][ T781] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.11882: corrupted inode contents [ 484.763206][ T787] netlink: 60 bytes leftover after parsing attributes in process `syz.1.11884'. [ 484.763256][ T781] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #16: comm syz.8.11882: mark_inode_dirty error [ 484.772652][ T787] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11884'. [ 484.784441][ T781] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.11882: corrupted inode contents [ 484.793176][ T787] netlink: 60 bytes leftover after parsing attributes in process `syz.1.11884'. [ 484.807436][ T781] EXT4-fs error (device loop8) in ext4_orphan_del:301: Corrupt filesystem [ 484.824267][ T781] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.11882: corrupted inode contents [ 484.837170][ T781] EXT4-fs error (device loop8): ext4_truncate:4637: inode #16: comm syz.8.11882: mark_inode_dirty error [ 484.843902][ T787] netlink: 60 bytes leftover after parsing attributes in process `syz.1.11884'. [ 484.848909][ T781] EXT4-fs error (device loop8) in ext4_process_orphan:343: Corrupt filesystem [ 484.867249][ T781] EXT4-fs (loop8): 1 truncate cleaned up [ 484.873473][ T781] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 484.886360][ T781] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 484.898041][ T781] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 484.908993][T26610] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 485.005432][ T797] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=797 comm=syz.1.11887 [ 485.054428][ T809] siw: device registration error -23 [ 485.074126][ T801] loop9: detected capacity change from 0 to 512 [ 485.107217][ T801] EXT4-fs (loop9): revision level too high, forcing read-only mode [ 485.116521][ T801] EXT4-fs (loop9): orphan cleanup on readonly fs [ 485.138004][ T823] loop3: detected capacity change from 0 to 512 [ 485.152524][ T801] EXT4-fs error (device loop9): ext4_do_update_inode:5624: inode #16: comm syz.9.11889: corrupted inode contents [ 485.154608][ T823] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 485.165242][ T801] EXT4-fs (loop9): Remounting filesystem read-only [ 485.185073][ T801] EXT4-fs (loop9): 1 truncate cleaned up [ 485.191095][ T3684] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 485.200004][ T823] ext4 filesystem being mounted at /200/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 485.202020][ T3684] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 485.215445][ T815] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 485.251724][ T823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 485.261200][ T3684] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started [ 485.271414][ T834] FAULT_INJECTION: forcing a failure. [ 485.271414][ T834] name failslab, interval 1, probability 0, space 0, times 0 [ 485.271520][ T834] CPU: 0 UID: 0 PID: 834 Comm: syz.8.11898 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 485.271559][ T834] Tainted: [W]=WARN [ 485.271568][ T834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 485.271638][ T834] Call Trace: [ 485.271647][ T834] [ 485.271658][ T834] __dump_stack+0x1d/0x30 [ 485.271689][ T834] dump_stack_lvl+0xe8/0x140 [ 485.271717][ T834] dump_stack+0x15/0x1b [ 485.271743][ T834] should_fail_ex+0x265/0x280 [ 485.271842][ T834] should_failslab+0x8c/0xb0 [ 485.271883][ T834] kmem_cache_alloc_node_noprof+0x57/0x4a0 [ 485.271954][ T834] ? __alloc_skb+0x101/0x320 [ 485.271992][ T834] __alloc_skb+0x101/0x320 [ 485.272028][ T834] netlink_alloc_large_skb+0xbf/0xf0 [ 485.272090][ T834] netlink_sendmsg+0x3cf/0x6b0 [ 485.272136][ T834] ? __pfx_netlink_sendmsg+0x10/0x10 [ 485.272278][ T834] __sock_sendmsg+0x145/0x180 [ 485.272309][ T834] ____sys_sendmsg+0x31e/0x4e0 [ 485.272353][ T834] ___sys_sendmsg+0x17b/0x1d0 [ 485.272454][ T834] __x64_sys_sendmsg+0xd4/0x160 [ 485.272570][ T834] x64_sys_call+0x191e/0x3000 [ 485.272601][ T834] do_syscall_64+0xd2/0x200 [ 485.272636][ T834] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 485.272677][ T834] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 485.272722][ T834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.272751][ T834] RIP: 0033:0x7fcb32bbeec9 [ 485.272850][ T834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 485.272879][ T834] RSP: 002b:00007fcb3161f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 485.272907][ T834] RAX: ffffffffffffffda RBX: 00007fcb32e15fa0 RCX: 00007fcb32bbeec9 [ 485.272927][ T834] RDX: 0000000000000010 RSI: 0000200000001340 RDI: 0000000000000003 [ 485.272944][ T834] RBP: 00007fcb3161f090 R08: 0000000000000000 R09: 0000000000000000 [ 485.272971][ T834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 485.272988][ T834] R13: 00007fcb32e16038 R14: 00007fcb32e15fa0 R15: 00007fff988a1238 [ 485.273017][ T834] [ 485.285045][ T823] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 485.303775][ T801] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 485.315656][ T60] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.425951][ T823] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #2: comm syz.3.11896: corrupted inode contents [ 485.536861][T26610] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 485.546907][ T823] EXT4-fs error (device loop3): ext4_dirty_inode:6509: inode #2: comm syz.3.11896: mark_inode_dirty error [ 485.587693][ T823] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #2: comm syz.3.11896: corrupted inode contents [ 485.597104][ T810] lo speed is unknown, defaulting to 1000 [ 485.619043][ T60] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.635619][ T823] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.11896: mark_inode_dirty error [ 485.657396][ T841] loop8: detected capacity change from 0 to 512 [ 485.664595][ T841] EXT4-fs: Ignoring removed nobh option [ 485.679973][ T60] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.685267][ T823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 485.700852][ T823] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 485.748515][ T823] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 485.763159][ T854] siw: device registration error -23 [ 485.783572][ T841] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #3: comm syz.8.11902: corrupted inode contents [ 485.799241][ T60] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 485.810436][ T841] EXT4-fs error (device loop8): ext4_dirty_inode:6509: inode #3: comm syz.8.11902: mark_inode_dirty error [ 485.824183][ T841] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #3: comm syz.8.11902: corrupted inode contents [ 485.836475][ T841] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #3: comm syz.8.11902: mark_inode_dirty error [ 485.848990][ T841] EXT4-fs error (device loop8): ext4_acquire_dquot:6945: comm syz.8.11902: Failed to acquire dquot type 0 [ 485.869309][ T841] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.11902: corrupted inode contents [ 485.888302][ T841] EXT4-fs error (device loop8): ext4_dirty_inode:6509: inode #16: comm syz.8.11902: mark_inode_dirty error [ 485.905743][ T856] netdevsim netdevsim1: Direct firmware load for ./file0/file1 failed with error -2 [ 485.917513][ T60] bridge_slave_1: left allmulticast mode [ 485.922379][ T841] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.11902: corrupted inode contents [ 485.923296][ T60] bridge_slave_1: left promiscuous mode [ 485.940990][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 485.950249][ T841] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #16: comm syz.8.11902: mark_inode_dirty error [ 485.963289][ T60] bridge_slave_0: left allmulticast mode [ 485.969101][ T60] bridge_slave_0: left promiscuous mode [ 485.975541][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 485.995689][ T841] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.11902: corrupted inode contents [ 486.010122][ T841] EXT4-fs error (device loop8) in ext4_orphan_del:301: Corrupt filesystem [ 486.029344][ T841] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.11902: corrupted inode contents [ 486.051549][ T841] EXT4-fs error (device loop8): ext4_truncate:4637: inode #16: comm syz.8.11902: mark_inode_dirty error [ 486.064824][ T841] EXT4-fs error (device loop8) in ext4_process_orphan:343: Corrupt filesystem [ 486.094989][ T841] EXT4-fs (loop8): 1 truncate cleaned up [ 486.101412][ T841] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 486.126642][ T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 486.137344][ T841] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 486.152477][ T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 486.163436][ T60] bond0 (unregistering): Released all slaves [ 486.166189][ T841] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 486.183344][ T810] chnl_net:caif_netlink_parms(): no params data found [ 486.448000][ T823] Process accounting paused [ 486.458359][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 486.475175][ T60] hsr_slave_0: left promiscuous mode [ 486.489357][ T60] hsr_slave_1: left promiscuous mode [ 486.499761][ T60] veth1_macvtap: left promiscuous mode [ 486.511856][ T60] veth0_macvtap: left promiscuous mode [ 486.520338][ T60] veth1_vlan: left promiscuous mode [ 486.525863][ T60] veth0_vlan: left promiscuous mode [ 486.587918][ T884] loop3: detected capacity change from 0 to 1024 [ 486.602990][ T884] EXT4-fs: Ignoring removed orlov option [ 486.619451][ T884] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 486.794111][ T60] team0 (unregistering): Port device team_slave_1 removed [ 486.830133][ T60] team0 (unregistering): Port device team_slave_0 removed [ 486.931651][ T810] bridge0: port 1(bridge_slave_0) entered blocking state [ 486.938998][ T810] bridge0: port 1(bridge_slave_0) entered disabled state [ 486.946943][ T810] bridge_slave_0: entered allmulticast mode [ 486.955452][ T810] bridge_slave_0: entered promiscuous mode [ 486.967803][ T810] bridge0: port 2(bridge_slave_1) entered blocking state [ 486.974992][ T810] bridge0: port 2(bridge_slave_1) entered disabled state [ 486.997134][ T810] bridge_slave_1: entered allmulticast mode [ 487.018715][ T810] bridge_slave_1: entered promiscuous mode [ 487.049461][ T810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 487.072377][ T810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 487.114825][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 487.117667][ T810] team0: Port device team_slave_0 added [ 487.152820][ T810] team0: Port device team_slave_1 added [ 487.201306][ T810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 487.208587][ T810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 487.210503][ T897] FAULT_INJECTION: forcing a failure. [ 487.210503][ T897] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 487.234670][ T810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 487.247728][ T897] CPU: 0 UID: 0 PID: 897 Comm: syz.9.11919 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 487.247769][ T897] Tainted: [W]=WARN [ 487.247777][ T897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 487.247808][ T897] Call Trace: [ 487.247817][ T897] [ 487.247827][ T897] __dump_stack+0x1d/0x30 [ 487.247854][ T897] dump_stack_lvl+0xe8/0x140 [ 487.247878][ T897] dump_stack+0x15/0x1b [ 487.247899][ T897] should_fail_ex+0x265/0x280 [ 487.248024][ T897] should_fail+0xb/0x20 [ 487.248057][ T897] should_fail_usercopy+0x1a/0x20 [ 487.248148][ T897] _copy_from_iter+0xd2/0xe80 [ 487.248187][ T897] ? alloc_pages_mpol+0x217/0x260 [ 487.248220][ T897] copy_page_from_iter+0x178/0x2a0 [ 487.248267][ T897] tun_get_user+0x679/0x26e0 [ 487.248328][ T897] ? ref_tracker_alloc+0x1f2/0x2f0 [ 487.248458][ T897] tun_chr_write_iter+0x15e/0x210 [ 487.248500][ T897] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 487.248538][ T897] vfs_write+0x52a/0x960 [ 487.248584][ T897] ksys_write+0xda/0x1a0 [ 487.248620][ T897] __x64_sys_write+0x40/0x50 [ 487.248676][ T897] x64_sys_call+0x2802/0x3000 [ 487.248707][ T897] do_syscall_64+0xd2/0x200 [ 487.248743][ T897] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 487.248801][ T897] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 487.248832][ T897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.248911][ T897] RIP: 0033:0x7f7e0da7d97f [ 487.248935][ T897] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 487.248962][ T897] RSP: 002b:00007f7e0c4e7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 487.248990][ T897] RAX: ffffffffffffffda RBX: 00007f7e0dcd5fa0 RCX: 00007f7e0da7d97f [ 487.249009][ T897] RDX: 0000000000000036 RSI: 0000200000000000 RDI: 00000000000000c8 [ 487.249026][ T897] RBP: 00007f7e0c4e7090 R08: 0000000000000000 R09: 0000000000000000 [ 487.249124][ T897] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000001 [ 487.249142][ T897] R13: 00007f7e0dcd6038 R14: 00007f7e0dcd5fa0 R15: 00007ffd897ee558 [ 487.249169][ T897] [ 487.297590][ T897] Process accounting paused [ 487.308806][ T810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 487.482957][ T810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 487.510173][ T810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 487.517306][ T903] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=903 comm=syz.1.11920 [ 487.576252][ T905] loop9: detected capacity change from 0 to 512 [ 487.604603][ T60] IPVS: stop unused estimator thread 0... [ 487.614191][ T905] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 487.628569][ T810] hsr_slave_0: entered promiscuous mode [ 487.638611][ T913] loop3: detected capacity change from 0 to 512 [ 487.644645][ T810] hsr_slave_1: entered promiscuous mode [ 487.645583][ T905] ext4 filesystem being mounted at /579/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 487.651236][ T810] debugfs: 'hsr0' already exists in 'hsr' [ 487.667197][ T810] Cannot create hsr debugfs directory [ 487.679981][ T913] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 487.683165][ T905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 487.688202][ T913] EXT4-fs (loop3): orphan cleanup on readonly fs [ 487.697276][ T905] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 487.716135][ T913] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #16: comm syz.3.11925: corrupted inode contents [ 487.744307][ T60] ------------[ cut here ]------------ [ 487.749837][ T60] WARNING: CPU: 0 PID: 60 at net/xfrm/xfrm_state.c:3306 xfrm_state_fini+0x179/0x1f0 [ 487.759599][ T60] Modules linked in: [ 487.763560][ T60] CPU: 0 UID: 0 PID: 60 Comm: kworker/u8:4 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 487.765270][ T905] EXT4-fs error (device loop9): ext4_do_update_inode:5624: inode #2: comm syz.9.11922: corrupted inode contents [ 487.775170][ T60] Tainted: [W]=WARN [ 487.775182][ T60] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 487.789251][ T913] EXT4-fs (loop3): Remounting filesystem read-only [ 487.791210][ T60] Workqueue: netns cleanup_net [ 487.801704][ T905] EXT4-fs error (device loop9): ext4_dirty_inode:6509: inode #2: comm syz.9.11922: mark_inode_dirty error [ 487.807932][ T60] [ 487.807942][ T60] RIP: 0010:xfrm_state_fini+0x179/0x1f0 [ 487.813231][ T913] EXT4-fs (loop3): 1 truncate cleaned up [ 487.824313][ T60] Code: 48 8d bb 70 0e 00 00 e8 65 a8 b7 fc 48 8b bb 70 0e 00 00 e8 e9 53 c4 fc 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 38 51 9c fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 2a 51 9c fc 90 0f 0b 90 4c 89 f7 e8 2e [ 487.859006][ T60] RSP: 0018:ffffc900001d3c60 EFLAGS: 00010293 [ 487.859449][ T905] EXT4-fs error (device loop9): ext4_do_update_inode:5624: inode #2: comm syz.9.11922: corrupted inode contents [ 487.865190][ T60] RAX: ffffffff84baee48 RBX: ffff88811908c680 RCX: ffff88810199b180 [ 487.877514][ T905] EXT4-fs error (device loop9): __ext4_ext_dirty:206: inode #2: comm syz.9.11922: mark_inode_dirty error [ 487.885458][ T60] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88811908d4c0 [ 487.885481][ T60] RBP: ffffffff86c91000 R08: 0001ffff8684802f R09: 0000000000000000 [ 487.913287][ T60] R10: ffffc900001d3be8 R11: 0001c900001d3be8 R12: ffffffff86c91020 [ 487.921907][ T60] R13: ffff88811908c6a8 R14: ffff88811908d4c0 R15: ffff88811908c680 [ 487.930075][ T60] FS: 0000000000000000(0000) GS:ffff8882aee3a000(0000) knlGS:0000000000000000 [ 487.939899][ T60] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 487.946574][ T60] CR2: 0000000000000000 CR3: 0000000119760000 CR4: 00000000003506f0 [ 487.954699][ T60] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 487.955124][ T905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 487.962687][ T60] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 487.962712][ T60] Call Trace: [ 487.962721][ T60] [ 487.962734][ T60] xfrm_net_exit+0x2d/0x60 [ 487.989008][ T905] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 487.990246][ T60] ops_undo_list+0x27b/0x410 [ 487.998910][ T919] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 488.002738][ T60] cleanup_net+0x2f4/0x4f0 [ 488.002768][ T60] process_scheduled_works+0x4ce/0x9d0 [ 488.011528][ T905] !yz!: rxe_newlink: already configured on team_slave_0 [ 488.013976][ T60] worker_thread+0x582/0x770 [ 488.031190][ T60] kthread+0x489/0x510 [ 488.035394][ T60] ? finish_task_switch+0xad/0x2b0 [ 488.040661][ T60] ? __pfx_worker_thread+0x10/0x10 [ 488.045909][ T60] ? __pfx_kthread+0x10/0x10 [ 488.050616][ T60] ret_from_fork+0x122/0x1b0 [ 488.055372][ T60] ? __pfx_kthread+0x10/0x10 [ 488.060094][ T60] ret_from_fork_asm+0x1a/0x30 [ 488.064970][ T60] [ 488.068015][ T60] ---[ end trace 0000000000000000 ]--- [ 488.074346][ T3684] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 488.085211][ T3684] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 488.096239][ T3684] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 488.107222][ T913] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 488.121891][ T924] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=924 comm=syz.1.11928 [ 488.152812][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 488.176134][ T929] loop3: detected capacity change from 0 to 512 [ 488.189407][ T929] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 488.198540][ T929] EXT4-fs (loop3): orphan cleanup on readonly fs [ 488.207021][ T929] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #16: comm syz.3.11929: corrupted inode contents [ 488.219790][ T929] EXT4-fs (loop3): Remounting filesystem read-only [ 488.226710][ T929] EXT4-fs (loop3): 1 truncate cleaned up [ 488.245214][ T2870] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 488.255904][ T2870] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 488.267560][ T2870] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 488.278816][ T929] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 488.303725][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 488.376572][ T810] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 488.388736][ T810] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 488.395799][ T943] loop3: detected capacity change from 0 to 1024 [ 488.403121][ T943] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 488.414297][ T943] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 488.425670][ T943] JBD2: no valid journal superblock found [ 488.427268][ T810] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 488.431465][ T943] EXT4-fs (loop3): Could not load journal inode [ 488.447772][ T810] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 488.455905][ T943] SELinux: security_context_str_to_sid (-Xܘ7.H\ %u@) failed with errno=-22 [ 488.468923][ T943] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=943 comm=syz.3.11935 [ 488.547257][ T810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 488.581687][ T810] 8021q: adding VLAN 0 to HW filter on device team0 [ 488.592014][ T958] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=958 comm=syz.3.11939 [ 488.620611][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 488.627851][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 488.639225][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 488.646433][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 488.666762][T26610] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 488.757006][ T965] loop9: detected capacity change from 0 to 512 [ 488.764466][ T810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 488.777555][ T965] EXT4-fs (loop9): revision level too high, forcing read-only mode [ 488.789810][ T965] EXT4-fs (loop9): orphan cleanup on readonly fs [ 488.798202][ T965] EXT4-fs error (device loop9): ext4_do_update_inode:5624: inode #16: comm syz.9.11941: corrupted inode contents [ 488.818373][ T977] loop3: detected capacity change from 0 to 764 [ 488.819774][ T965] EXT4-fs (loop9): Remounting filesystem read-only [ 488.828735][ T977] iso9660: Unknown parameter '9p' [ 488.845846][ T965] EXT4-fs (loop9): 1 truncate cleaned up [ 488.852719][ T60] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 488.863422][ T60] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 488.889299][ T60] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started [ 488.911308][ T965] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 488.964666][ T810] veth0_vlan: entered promiscuous mode [ 488.976147][T26610] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 488.987561][ T810] veth1_vlan: entered promiscuous mode [ 489.029134][ T810] veth0_macvtap: entered promiscuous mode [ 489.045024][ T810] veth1_macvtap: entered promiscuous mode [ 489.075835][ T810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 489.106263][ T810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 489.132037][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.176455][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.217052][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.219655][ T1005] loop8: detected capacity change from 0 to 512 [ 489.264252][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.282346][ T1005] EXT4-fs (loop8): revision level too high, forcing read-only mode [ 489.326582][ T1005] EXT4-fs (loop8): orphan cleanup on readonly fs [ 489.366387][ T1005] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.11955: corrupted inode contents [ 489.420393][ T1005] EXT4-fs (loop8): Remounting filesystem read-only [ 489.443649][ T1005] EXT4-fs (loop8): 1 truncate cleaned up [ 489.449554][ T2870] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 489.460600][ T2870] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 489.504164][ T2870] EXT4-fs (loop8): Quota write (off=8, len=24) cancelled because transaction is not started [ 489.537092][ T1005] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 489.596065][ T548] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 489.698453][ T1033] siw: device registration error -23 [ 489.766235][ T1038] loop2: detected capacity change from 0 to 512 [ 489.791962][ T1038] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 489.806443][ T1038] EXT4-fs (loop2): orphan cleanup on readonly fs [ 489.817579][ T1038] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.11967: corrupted inode contents [ 489.847110][ T1038] EXT4-fs (loop2): Remounting filesystem read-only [ 489.854336][ T1038] EXT4-fs (loop2): 1 truncate cleaned up [ 489.860278][ T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 489.870908][ T12] __quota_error: 253 callbacks suppressed [ 489.870927][ T12] Quota error (device loop2): write_blk: dquota write failed [ 489.884707][ T12] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries [ 489.894852][ T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 489.905470][ T12] Quota error (device loop2): write_blk: dquota write failed [ 489.912911][ T12] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list [ 489.952000][ T1046] __nla_validate_parse: 10 callbacks suppressed [ 489.952021][ T1046] netlink: 24 bytes leftover after parsing attributes in process `syz.8.11970'. [ 489.954803][ T1049] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11971'. [ 489.977339][ T12] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 489.987490][ T12] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 489.996905][ T12] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 490.014388][ T1038] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 490.040221][ T1049] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1049 comm=syz.3.11971 [ 490.096086][ T810] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 490.109838][ T29] audit: type=1326 audit(1760349064.899:51107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1057 comm="syz.3.11976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5570e0eec9 code=0x7ffc0000 [ 490.148263][ T29] audit: type=1326 audit(1760349064.927:51108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1057 comm="syz.3.11976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5570e0eec9 code=0x7ffc0000 [ 490.172682][ T29] audit: type=1326 audit(1760349064.927:51109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1057 comm="syz.3.11976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5570e0eec9 code=0x7ffc0000 [ 490.196539][ T29] audit: type=1326 audit(1760349064.927:51110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1057 comm="syz.3.11976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5570e0eec9 code=0x7ffc0000 [ 490.204790][ T1056] netlink: 24 bytes leftover after parsing attributes in process `syz.8.11974'. [ 490.247812][ T1060] loop2: detected capacity change from 0 to 512 [ 490.255056][ T1060] EXT4-fs: Ignoring removed nobh option [ 490.264129][ T1062] loop3: detected capacity change from 0 to 512 [ 490.270770][ T1062] EXT4-fs: Ignoring removed nobh option [ 490.308619][ T1060] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #3: comm syz.2.11975: corrupted inode contents [ 490.308973][ T1062] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #3: comm syz.3.11976: corrupted inode contents [ 490.324460][ T1071] loop8: detected capacity change from 0 to 512 [ 490.333688][ T1060] EXT4-fs error (device loop2): ext4_dirty_inode:6509: inode #3: comm syz.2.11975: mark_inode_dirty error [ 490.359919][ T1071] EXT4-fs (loop8): revision level too high, forcing read-only mode [ 490.368252][ T1071] EXT4-fs (loop8): orphan cleanup on readonly fs [ 490.375047][ T1062] EXT4-fs error (device loop3): ext4_dirty_inode:6509: inode #3: comm syz.3.11976: mark_inode_dirty error [ 490.387446][ T1060] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #3: comm syz.2.11975: corrupted inode contents [ 490.400996][ T1071] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.11978: corrupted inode contents [ 490.414116][ T1062] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #3: comm syz.3.11976: corrupted inode contents [ 490.426513][ T1060] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #3: comm syz.2.11975: mark_inode_dirty error [ 490.438625][ T1064] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11977'. [ 490.447749][ T1071] EXT4-fs (loop8): Remounting filesystem read-only [ 490.454831][ T1062] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #3: comm syz.3.11976: mark_inode_dirty error [ 490.469888][ T1060] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.11975: Failed to acquire dquot type 0 [ 490.482000][ T1071] EXT4-fs (loop8): 1 truncate cleaned up [ 490.487850][ T12] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 490.498531][ T12] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 490.524375][ T12] EXT4-fs (loop8): Quota write (off=8, len=24) cancelled because transaction is not started [ 490.534954][ T1062] EXT4-fs error (device loop3): ext4_acquire_dquot:6945: comm syz.3.11976: Failed to acquire dquot type 0 [ 490.546858][ T1060] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.11975: corrupted inode contents [ 490.551640][ T1062] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #16: comm syz.3.11976: corrupted inode contents [ 490.560004][ T1071] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 490.585151][ T1060] EXT4-fs error (device loop2): ext4_dirty_inode:6509: inode #16: comm syz.2.11975: mark_inode_dirty error [ 490.597111][ T1060] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.11975: corrupted inode contents [ 490.609264][ T1062] EXT4-fs error (device loop3): ext4_dirty_inode:6509: inode #16: comm syz.3.11976: mark_inode_dirty error [ 490.625740][ T1060] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #16: comm syz.2.11975: mark_inode_dirty error [ 490.645411][ T548] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 490.654606][ T1060] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.11975: corrupted inode contents [ 490.659764][ T1062] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #16: comm syz.3.11976: corrupted inode contents [ 490.678944][ T1060] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem [ 490.687985][ T1060] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.11975: corrupted inode contents [ 490.732814][ T1060] EXT4-fs error (device loop2): ext4_truncate:4637: inode #16: comm syz.2.11975: mark_inode_dirty error [ 490.754064][ T1060] EXT4-fs error (device loop2) in ext4_process_orphan:343: Corrupt filesystem [ 490.763157][ T1062] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #16: comm syz.3.11976: mark_inode_dirty error [ 490.795339][ T1062] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #16: comm syz.3.11976: corrupted inode contents [ 490.819013][ T1060] EXT4-fs (loop2): 1 truncate cleaned up [ 490.825225][ T1060] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 490.839542][ T1062] EXT4-fs error (device loop3) in ext4_orphan_del:301: Corrupt filesystem [ 490.860192][ T1096] loop9: detected capacity change from 0 to 164 [ 490.861025][ T1060] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 490.870001][ T1062] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #16: comm syz.3.11976: corrupted inode contents [ 490.900960][ T1096] ISOFS: unable to read i-node block [ 490.907167][ T1060] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 490.910703][ T1096] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 490.949593][ T1062] EXT4-fs error (device loop3): ext4_truncate:4637: inode #16: comm syz.3.11976: mark_inode_dirty error [ 490.949846][ T1094] netlink: 24 bytes leftover after parsing attributes in process `syz.8.11985'. [ 490.967884][ T1062] EXT4-fs error (device loop3) in ext4_process_orphan:343: Corrupt filesystem [ 491.021886][ T1062] EXT4-fs (loop3): 1 truncate cleaned up [ 491.043464][ T1062] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 491.070082][ T1062] ext4 filesystem being mounted at /221/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 491.103808][ T1062] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 491.324452][ T1127] netlink: 20 bytes leftover after parsing attributes in process `+}[@'. [ 491.377847][ T1130] SELinux: unknown common r [ 491.391960][ T1130] SELinux: failed to load policy [ 491.536849][ T1136] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12003'. [ 491.560112][ T1137] loop9: detected capacity change from 0 to 764 [ 491.576493][ T1137] iso9660: Unknown parameter '9p' [ 491.714498][ T1143] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12006'. [ 491.837727][ T1150] loop3: detected capacity change from 0 to 1024 [ 491.855527][ T1150] EXT4-fs: Ignoring removed orlov option [ 491.874489][ T1150] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 491.957018][ T1153] loop2: detected capacity change from 0 to 1024 [ 492.005459][ T1153] EXT4-fs: Ignoring removed orlov option [ 492.019928][ T1153] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 492.197972][ T1163] siw: device registration error -23 [ 492.527957][ T1177] loop8: detected capacity change from 0 to 512 [ 492.562531][ T1177] EXT4-fs (loop8): revision level too high, forcing read-only mode [ 492.586197][ T1177] EXT4-fs (loop8): orphan cleanup on readonly fs [ 492.597410][ T1177] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12020: corrupted inode contents [ 492.623344][ T1177] EXT4-fs (loop8): Remounting filesystem read-only [ 492.639080][ T1177] EXT4-fs (loop8): 1 truncate cleaned up [ 492.645991][ T37] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 492.656805][ T37] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 492.674554][ T37] EXT4-fs (loop8): Quota write (off=8, len=24) cancelled because transaction is not started [ 492.685484][ T1177] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 492.711859][ T548] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 492.762166][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 492.813264][ T2870] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.884777][ T2870] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.927586][ T1178] lo speed is unknown, defaulting to 1000 [ 492.948318][ T2870] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 492.965005][ T810] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 492.966062][ T1201] loop8: detected capacity change from 0 to 164 [ 492.999700][ T1201] ISOFS: unable to read i-node block [ 493.013794][ T1201] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 493.026673][ T2870] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.136417][ T1215] loop8: detected capacity change from 0 to 164 [ 493.149277][ T1211] SELinux: failed to load policy [ 493.165512][ T1215] ISOFS: unable to read i-node block [ 493.171719][ T1215] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 493.195351][ T2870] bridge_slave_1: left allmulticast mode [ 493.201058][ T2870] bridge_slave_1: left promiscuous mode [ 493.206907][ T2870] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.218103][ T1213] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12031'. [ 493.227796][ T2870] bridge_slave_0: left allmulticast mode [ 493.233523][ T2870] bridge_slave_0: left promiscuous mode [ 493.239321][ T2870] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.472625][ T2870] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 493.491805][ T2870] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 493.512969][ T2870] bond0 (unregistering): Released all slaves [ 493.645216][ T1235] loop8: detected capacity change from 0 to 512 [ 493.664061][ T1235] EXT4-fs (loop8): revision level too high, forcing read-only mode [ 493.714808][ T2870] hsr_slave_0: left promiscuous mode [ 493.721831][ T1245] loop3: detected capacity change from 0 to 164 [ 493.728421][ T1235] EXT4-fs (loop8): orphan cleanup on readonly fs [ 493.746329][ T2870] hsr_slave_1: left promiscuous mode [ 493.754107][ T1245] ISOFS: unable to read i-node block [ 493.760113][ T1235] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12039: corrupted inode contents [ 493.774548][ T1245] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 493.785619][ T2870] veth1_macvtap: left promiscuous mode [ 493.791291][ T2870] veth0_macvtap: left promiscuous mode [ 493.797758][ T1235] EXT4-fs (loop8): Remounting filesystem read-only [ 493.805164][ T2870] veth1_vlan: left promiscuous mode [ 493.810826][ T1235] EXT4-fs (loop8): 1 truncate cleaned up [ 493.816692][ T12] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 493.827456][ T12] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 493.838291][ T2870] veth0_vlan: left promiscuous mode [ 493.838323][ T12] EXT4-fs (loop8): Quota write (off=8, len=24) cancelled because transaction is not started [ 493.855053][ T1235] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 493.898840][ T548] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 494.024495][ T2870] team0 (unregistering): Port device team_slave_1 removed [ 494.037382][ T2870] team0 (unregistering): Port device team_slave_0 removed [ 494.150470][ T23] lo speed is unknown, defaulting to 1000 [ 494.150677][ T1178] chnl_net:caif_netlink_parms(): no params data found [ 494.156396][ T23] infiniband syz0: ib_query_port failed (-19) [ 494.345957][ T1262] lo speed is unknown, defaulting to 1000 [ 494.346213][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.358983][ T1178] bridge0: port 1(bridge_slave_0) entered disabled state [ 494.380359][ T1178] bridge_slave_0: entered allmulticast mode [ 494.398198][ T1178] bridge_slave_0: entered promiscuous mode [ 494.412003][ T1263] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 494.420014][ T1262] lo speed is unknown, defaulting to 1000 [ 494.420133][ T1178] bridge0: port 2(bridge_slave_1) entered blocking state [ 494.433404][ T1178] bridge0: port 2(bridge_slave_1) entered disabled state [ 494.454511][ T1264] netlink: 20 bytes leftover after parsing attributes in process `syz.8.12047'. [ 494.457688][ T1178] bridge_slave_1: entered allmulticast mode [ 494.474524][ T1178] bridge_slave_1: entered promiscuous mode [ 494.483925][ T1262] lo speed is unknown, defaulting to 1000 [ 494.494715][ T1262] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 494.517936][ T1178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 494.527474][ T1262] lo speed is unknown, defaulting to 1000 [ 494.533640][ T1262] lo speed is unknown, defaulting to 1000 [ 494.542401][ T1178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 494.562613][ T2870] ------------[ cut here ]------------ [ 494.568142][ T2870] WARNING: CPU: 1 PID: 2870 at net/xfrm/xfrm_state.c:3306 xfrm_state_fini+0x179/0x1f0 [ 494.577915][ T2870] Modules linked in: [ 494.582125][ T2870] CPU: 1 UID: 0 PID: 2870 Comm: kworker/u8:7 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 494.591718][ T1262] lo speed is unknown, defaulting to 1000 [ 494.593893][ T2870] Tainted: [W]=WARN [ 494.600281][ T1262] lo speed is unknown, defaulting to 1000 [ 494.603540][ T2870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 494.609888][ T1262] lo speed is unknown, defaulting to 1000 [ 494.619413][ T2870] Workqueue: netns cleanup_net [ 494.619449][ T2870] RIP: 0010:xfrm_state_fini+0x179/0x1f0 [ 494.635940][ T2870] Code: 48 8d bb 70 0e 00 00 e8 65 a8 b7 fc 48 8b bb 70 0e 00 00 e8 e9 53 c4 fc 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 38 51 9c fc 90 <0f> 0b 90 e9 d9 fe ff ff e8 2a 51 9c fc 90 0f 0b 90 4c 89 f7 e8 2e [ 494.655971][ T2870] RSP: 0018:ffffc90003007c60 EFLAGS: 00010293 [ 494.662173][ T2870] RAX: ffffffff84baee48 RBX: ffff888119088000 RCX: ffff88810400c200 [ 494.670208][ T2870] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888119088e40 [ 494.678232][ T2870] RBP: ffffffff86c91000 R08: 0001ffff8684802f R09: 0000000000000000 [ 494.686314][ T2870] R10: ffffc90003007be8 R11: 0001c90003007be8 R12: ffffffff86c91020 [ 494.694558][ T2870] R13: ffff888119088028 R14: ffff888119088e40 R15: ffff888119088000 [ 494.702588][ T2870] FS: 0000000000000000(0000) GS:ffff8882aef3a000(0000) knlGS:0000000000000000 [ 494.711931][ T2870] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 494.718651][ T2870] CR2: 0000000000000000 CR3: 00000001185a6000 CR4: 00000000003506f0 [ 494.727143][ T2870] DR0: 0000200000000300 DR1: 0000200000000300 DR2: 0000200000000300 [ 494.735526][ T2870] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 494.743570][ T2870] Call Trace: [ 494.746880][ T2870] [ 494.750011][ T2870] xfrm_net_exit+0x2d/0x60 [ 494.754648][ T2870] ops_undo_list+0x27b/0x410 [ 494.759461][ T2870] cleanup_net+0x2f4/0x4f0 [ 494.764024][ T2870] process_scheduled_works+0x4ce/0x9d0 [ 494.769621][ T2870] worker_thread+0x582/0x770 [ 494.774341][ T2870] kthread+0x489/0x510 [ 494.778448][ T2870] ? finish_task_switch+0xad/0x2b0 [ 494.783660][ T2870] ? __pfx_worker_thread+0x10/0x10 [ 494.788888][ T2870] ? __pfx_kthread+0x10/0x10 [ 494.793670][ T2870] ret_from_fork+0x122/0x1b0 [ 494.798582][ T2870] ? __pfx_kthread+0x10/0x10 [ 494.803243][ T2870] ret_from_fork_asm+0x1a/0x30 [ 494.808126][ T2870] [ 494.811247][ T2870] ---[ end trace 0000000000000000 ]--- [ 494.827099][ T1178] team0: Port device team_slave_0 added [ 494.834405][ T1178] team0: Port device team_slave_1 added [ 494.857047][ T1178] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 494.864298][ T1178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 494.890543][ T1178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 494.904140][ T1178] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 494.911137][ T1178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 494.937690][ T1178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 494.989671][ T1178] hsr_slave_0: entered promiscuous mode [ 494.995964][ T1178] hsr_slave_1: entered promiscuous mode [ 495.020654][ T1178] debugfs: 'hsr0' already exists in 'hsr' [ 495.026581][ T1178] Cannot create hsr debugfs directory [ 495.144964][ T1307] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1307 comm=syz.3.12059 [ 495.421615][ T1178] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 495.468394][ T1178] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 495.501001][ T1315] loop2: detected capacity change from 0 to 512 [ 495.509962][ T1178] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 495.519944][ T1315] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 495.530010][ T1301] Process accounting paused [ 495.543101][ T1178] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 495.543421][ T1315] EXT4-fs (loop2): orphan cleanup on readonly fs [ 495.558442][ T1315] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.12062: corrupted inode contents [ 495.570981][ T1315] EXT4-fs (loop2): Remounting filesystem read-only [ 495.578152][ T1315] EXT4-fs (loop2): 1 truncate cleaned up [ 495.602604][ T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 495.613377][ T12] __quota_error: 200 callbacks suppressed [ 495.613398][ T12] Quota error (device loop2): write_blk: dquota write failed [ 495.626670][ T12] Quota error (device loop2): remove_free_dqentry: Can't write block (5) with free entries [ 495.637008][ T12] EXT4-fs (loop2): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 495.647737][ T12] Quota error (device loop2): write_blk: dquota write failed [ 495.655283][ T12] Quota error (device loop2): free_dqentry: Can't move quota data block (5) to free list [ 495.665859][ T12] EXT4-fs (loop2): Quota write (off=8, len=24) cancelled because transaction is not started [ 495.676075][ T12] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 495.685373][ T12] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 495.696541][ T1315] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 495.718043][ T29] audit: type=1326 audit(1760349070.147:51287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1328 comm="syz.1.12064" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5e662aeec9 code=0x0 [ 495.757673][ T810] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 495.789911][ T29] audit: type=1400 audit(1760349070.213:51288): avc: denied { write } for pid=1330 comm="syz.2.12065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 495.804092][ T1178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 495.823991][ T1178] 8021q: adding VLAN 0 to HW filter on device team0 [ 495.834381][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 495.841715][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 495.860680][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 495.868022][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 495.871085][ T29] audit: type=1400 audit(1760349070.278:51289): avc: denied { read } for pid=1330 comm="syz.2.12065" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 495.905437][ T1178] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 495.992278][ T1341] loop8: detected capacity change from 0 to 512 [ 496.005117][ T1178] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 496.014279][ T1341] EXT4-fs (loop8): revision level too high, forcing read-only mode [ 496.025436][ T1341] EXT4-fs (loop8): orphan cleanup on readonly fs [ 496.043200][ T1341] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12066: corrupted inode contents [ 496.066472][ T1341] EXT4-fs (loop8): Remounting filesystem read-only [ 496.082160][ T1341] EXT4-fs (loop8): 1 truncate cleaned up [ 496.089772][ T2870] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 496.100448][ T2870] Quota error (device loop8): write_blk: dquota write failed [ 496.108084][ T2870] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 496.120457][ T2870] EXT4-fs (loop8): Quota write (off=8, len=24) cancelled because transaction is not started [ 496.138095][ T1341] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 496.176692][ T1355] FAULT_INJECTION: forcing a failure. [ 496.176692][ T1355] name failslab, interval 1, probability 0, space 0, times 0 [ 496.189575][ T1355] CPU: 0 UID: 0 PID: 1355 Comm: syz.2.12067 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 496.189674][ T1355] Tainted: [W]=WARN [ 496.189683][ T1355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 496.189701][ T1355] Call Trace: [ 496.189712][ T1355] [ 496.189723][ T1355] __dump_stack+0x1d/0x30 [ 496.189750][ T1355] dump_stack_lvl+0xe8/0x140 [ 496.189842][ T1355] dump_stack+0x15/0x1b [ 496.189867][ T1355] should_fail_ex+0x265/0x280 [ 496.189976][ T1355] should_failslab+0x8c/0xb0 [ 496.190011][ T1355] kmem_cache_alloc_node_noprof+0x57/0x4a0 [ 496.190050][ T1355] ? __alloc_skb+0x101/0x320 [ 496.190116][ T1355] __alloc_skb+0x101/0x320 [ 496.190178][ T1355] netlink_alloc_large_skb+0xbf/0xf0 [ 496.190213][ T1355] netlink_sendmsg+0x3cf/0x6b0 [ 496.190251][ T1355] ? __pfx_netlink_sendmsg+0x10/0x10 [ 496.190329][ T1355] __sock_sendmsg+0x145/0x180 [ 496.190354][ T1355] ____sys_sendmsg+0x31e/0x4e0 [ 496.190397][ T1355] ___sys_sendmsg+0x17b/0x1d0 [ 496.190453][ T1355] __x64_sys_sendmsg+0xd4/0x160 [ 496.190525][ T1355] x64_sys_call+0x191e/0x3000 [ 496.190555][ T1355] do_syscall_64+0xd2/0x200 [ 496.190588][ T1355] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 496.190647][ T1355] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 496.190678][ T1355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.190708][ T1355] RIP: 0033:0x7fe8e548eec9 [ 496.190729][ T1355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 496.190823][ T1355] RSP: 002b:00007fe8e3ef7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 496.190849][ T1355] RAX: ffffffffffffffda RBX: 00007fe8e56e5fa0 RCX: 00007fe8e548eec9 [ 496.190865][ T1355] RDX: 0000000000000100 RSI: 00002000000002c0 RDI: 0000000000000004 [ 496.190883][ T1355] RBP: 00007fe8e3ef7090 R08: 0000000000000000 R09: 0000000000000000 [ 496.190900][ T1355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 496.190918][ T1355] R13: 00007fe8e56e6038 R14: 00007fe8e56e5fa0 R15: 00007ffeef92f618 [ 496.190943][ T1355] [ 496.235696][ T1178] veth0_vlan: entered promiscuous mode [ 496.410926][ T548] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 496.414616][ T1359] loop2: detected capacity change from 0 to 164 [ 496.427855][ T1359] ISOFS: unable to read i-node block [ 496.433376][ T1359] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 496.453935][ T1178] veth1_vlan: entered promiscuous mode [ 496.493522][ T1178] veth0_macvtap: entered promiscuous mode [ 496.508877][ T1178] veth1_macvtap: entered promiscuous mode [ 496.522880][ T1178] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 496.538533][ T1178] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 496.542119][ T1370] SELinux: ebitmap: truncated map [ 496.554228][ T1370] SELinux: failed to load policy [ 496.567186][ T3684] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.588161][ T3684] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.615562][ T1374] loop2: detected capacity change from 0 to 512 [ 496.623325][ T1374] EXT4-fs: Ignoring removed nobh option [ 496.623520][ T12] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.648476][ T12] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 496.669343][ T1374] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #3: comm syz.2.12075: corrupted inode contents [ 496.683484][ T1376] __nla_validate_parse: 1 callbacks suppressed [ 496.683505][ T1376] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12076'. [ 496.705233][ T1374] EXT4-fs error (device loop2): ext4_dirty_inode:6509: inode #3: comm syz.2.12075: mark_inode_dirty error [ 496.722754][ T1374] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #3: comm syz.2.12075: corrupted inode contents [ 496.735005][ T1386] netlink: 4 bytes leftover after parsing attributes in process `syz.9.12018'. [ 496.753354][ T1386] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 496.760896][ T1386] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 496.768654][ T1374] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #3: comm syz.2.12075: mark_inode_dirty error [ 496.795021][ T1374] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.12075: Failed to acquire dquot type 0 [ 496.815459][ T1386] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 496.819799][ T1390] syz!: rxe_newlink: already configured on team_slave_0 [ 496.822900][ T1386] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 496.839015][ T1374] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.12075: corrupted inode contents [ 496.863122][ T1374] EXT4-fs error (device loop2): ext4_dirty_inode:6509: inode #16: comm syz.2.12075: mark_inode_dirty error [ 496.875676][ T1393] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12079'. [ 496.877949][ T1374] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.12075: corrupted inode contents [ 496.898740][ T1374] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #16: comm syz.2.12075: mark_inode_dirty error [ 496.917040][ T1374] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.12075: corrupted inode contents [ 496.930678][ T1393] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1393 comm=syz.3.12079 [ 496.944484][ T1374] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem [ 496.955671][ T1374] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.12075: corrupted inode contents [ 496.982850][ T1374] EXT4-fs error (device loop2): ext4_truncate:4637: inode #16: comm syz.2.12075: mark_inode_dirty error [ 496.997766][ T1374] EXT4-fs error (device loop2) in ext4_process_orphan:343: Corrupt filesystem [ 497.010192][ T1374] EXT4-fs (loop2): 1 truncate cleaned up [ 497.032836][ T1374] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 497.077200][ T1374] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 497.095292][ T1406] pim6reg1: entered promiscuous mode [ 497.100802][ T1406] pim6reg1: entered allmulticast mode [ 497.101970][ T1374] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 497.320131][ T1421] loop3: detected capacity change from 0 to 512 [ 497.350299][ T1421] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 497.358665][ T1421] EXT4-fs (loop3): orphan cleanup on readonly fs [ 497.369609][ T1421] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #16: comm syz.3.12091: corrupted inode contents [ 497.389884][ T1421] EXT4-fs (loop3): Remounting filesystem read-only [ 497.402385][ T1421] EXT4-fs (loop3): 1 truncate cleaned up [ 497.408539][ T3671] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 497.419270][ T3671] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 497.450401][ T1425] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 497.460142][ T3671] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 497.470648][ T1425] SELinux: failed to load policy [ 497.477091][ T1421] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 497.501598][ T1427] loop8: detected capacity change from 0 to 512 [ 497.518017][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 497.527936][ T1427] EXT4-fs (loop8): revision level too high, forcing read-only mode [ 497.537410][ T1427] EXT4-fs (loop8): orphan cleanup on readonly fs [ 497.545725][ T1427] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12093: corrupted inode contents [ 497.558252][ T1427] EXT4-fs (loop8): Remounting filesystem read-only [ 497.565107][ T1427] EXT4-fs (loop8): 1 truncate cleaned up [ 497.571000][ T37] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 497.581835][ T37] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 497.592829][ T37] EXT4-fs (loop8): Quota write (off=8, len=24) cancelled because transaction is not started [ 497.603950][ T1427] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 497.635183][ T548] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 497.677914][ T1435] FAULT_INJECTION: forcing a failure. [ 497.677914][ T1435] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 497.691151][ T1435] CPU: 0 UID: 0 PID: 1435 Comm: syz.8.12096 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 497.691231][ T1435] Tainted: [W]=WARN [ 497.691239][ T1435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 497.691252][ T1435] Call Trace: [ 497.691259][ T1435] [ 497.691268][ T1435] __dump_stack+0x1d/0x30 [ 497.691349][ T1435] dump_stack_lvl+0xe8/0x140 [ 497.691370][ T1435] dump_stack+0x15/0x1b [ 497.691387][ T1435] should_fail_ex+0x265/0x280 [ 497.691435][ T1435] should_fail+0xb/0x20 [ 497.691468][ T1435] should_fail_usercopy+0x1a/0x20 [ 497.691490][ T1435] _copy_from_user+0x1c/0xb0 [ 497.691539][ T1435] __sys_bpf+0x183/0x7c0 [ 497.691582][ T1435] __x64_sys_bpf+0x41/0x50 [ 497.691612][ T1435] x64_sys_call+0x2aee/0x3000 [ 497.691713][ T1435] do_syscall_64+0xd2/0x200 [ 497.691738][ T1435] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 497.691768][ T1435] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 497.691798][ T1435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.691839][ T1435] RIP: 0033:0x7fcb32bbeec9 [ 497.691855][ T1435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 497.691875][ T1435] RSP: 002b:00007fcb3161f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 497.691896][ T1435] RAX: ffffffffffffffda RBX: 00007fcb32e15fa0 RCX: 00007fcb32bbeec9 [ 497.691909][ T1435] RDX: 0000000000000018 RSI: 0000200000000700 RDI: 0000000000000011 [ 497.691970][ T1435] RBP: 00007fcb3161f090 R08: 0000000000000000 R09: 0000000000000000 [ 497.691983][ T1435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 497.691996][ T1435] R13: 00007fcb32e16038 R14: 00007fcb32e15fa0 R15: 00007fff988a1238 [ 497.692017][ T1435] [ 497.928558][ T1439] pim6reg1: entered promiscuous mode [ 497.934012][ T1439] pim6reg1: entered allmulticast mode [ 497.985999][ T1447] loop3: detected capacity change from 0 to 512 [ 498.001910][ T1447] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 498.010446][ T1447] EXT4-fs (loop3): orphan cleanup on readonly fs [ 498.018467][ T1447] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #16: comm syz.3.12102: corrupted inode contents [ 498.031004][ T1447] EXT4-fs (loop3): Remounting filesystem read-only [ 498.037863][ T1447] EXT4-fs (loop3): 1 truncate cleaned up [ 498.052153][ T3684] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 498.063188][ T3684] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 498.074001][ T3684] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 498.086299][ T1447] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 498.146828][ T1453] SELinux: policydb magic number 0x0 does not match expected magic number 0xf97cff8c [ 498.158857][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 498.168877][ T1453] SELinux: failed to load policy [ 498.306875][ T1469] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 498.410521][ T1475] loop8: detected capacity change from 0 to 512 [ 498.442586][ T1475] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 498.484189][ T1475] ext4 filesystem being mounted at /51/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 498.528551][ T1475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 498.559199][ T1475] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 498.695657][ T1475] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #2: comm syz.8.12113: corrupted inode contents [ 498.703334][ T1485] siw: device registration error -23 [ 498.714671][ T1475] EXT4-fs error (device loop8): ext4_dirty_inode:6509: inode #2: comm syz.8.12113: mark_inode_dirty error [ 498.730430][ T1475] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #2: comm syz.8.12113: corrupted inode contents [ 498.740884][ T1485] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12116'. [ 498.753373][ T1475] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #2: comm syz.8.12113: mark_inode_dirty error [ 498.766268][ T1475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 498.775068][ T1475] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 498.832750][ T1475] infiniband !yz!: set active [ 498.837559][ T1475] infiniband !yz!: added team_slave_0 [ 498.859346][ T1475] RDS/IB: !yz!: added [ 499.119663][ T1497] loop3: detected capacity change from 0 to 764 [ 499.126323][ T1497] iso9660: Unknown parameter '9p' [ 499.530552][ T1509] infiniband syz2: set active [ 499.535298][ T1509] infiniband syz2: added bond0 [ 499.557712][ T1509] RDS/IB: syz2: added [ 499.721532][ T548] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 499.736745][ T1512] netlink: 24 bytes leftover after parsing attributes in process `syz.2.12128'. [ 499.798088][ T1512] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1512 comm=syz.2.12128 [ 499.920522][ T1529] loop2: detected capacity change from 0 to 128 [ 499.934831][ T1529] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 499.970034][ T1520] loop8: detected capacity change from 0 to 764 [ 499.992993][ T1529] xt_CT: You must specify a L4 protocol and not use inversions on it [ 500.002844][ T1520] iso9660: Unknown parameter '9p' [ 500.008223][ T1535] loop9: detected capacity change from 0 to 512 [ 500.014627][ T1529] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100) [ 500.014673][ T1529] FAT-fs (loop2): Filesystem has been set read-only [ 500.022625][ T1529] syz.2.12133: attempt to access beyond end of device [ 500.022625][ T1529] loop2: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 500.054258][ T1537] siw: device registration error -23 [ 500.064469][ T1535] EXT4-fs (loop9): revision level too high, forcing read-only mode [ 500.067157][ T1537] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12137'. [ 500.075133][ T1535] EXT4-fs (loop9): orphan cleanup on readonly fs [ 500.128697][ T1535] EXT4-fs error (device loop9): ext4_do_update_inode:5624: inode #16: comm syz.9.12136: corrupted inode contents [ 500.150303][ T1535] EXT4-fs (loop9): Remounting filesystem read-only [ 500.157132][ T1535] EXT4-fs (loop9): 1 truncate cleaned up [ 500.163076][ T3671] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 500.173835][ T3671] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 500.184657][ T3671] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started [ 500.195690][ T1535] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 500.215244][ T1550] loop8: detected capacity change from 0 to 512 [ 500.222518][ T1178] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 500.253226][ T1554] FAULT_INJECTION: forcing a failure. [ 500.253226][ T1554] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 500.266897][ T1554] CPU: 0 UID: 0 PID: 1554 Comm: syz.9.12140 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 500.266936][ T1554] Tainted: [W]=WARN [ 500.266943][ T1554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 500.266963][ T1554] Call Trace: [ 500.267040][ T1554] [ 500.267049][ T1554] __dump_stack+0x1d/0x30 [ 500.267083][ T1554] dump_stack_lvl+0xe8/0x140 [ 500.267173][ T1554] dump_stack+0x15/0x1b [ 500.267192][ T1554] should_fail_ex+0x265/0x280 [ 500.267237][ T1554] should_fail+0xb/0x20 [ 500.267332][ T1554] should_fail_usercopy+0x1a/0x20 [ 500.267359][ T1554] _copy_from_iter+0xd2/0xe80 [ 500.267392][ T1554] ? alloc_pages_mpol+0x217/0x260 [ 500.267480][ T1554] copy_page_from_iter+0x178/0x2a0 [ 500.267507][ T1554] tun_get_user+0x679/0x26e0 [ 500.267544][ T1554] ? ref_tracker_alloc+0x1f2/0x2f0 [ 500.267654][ T1554] tun_chr_write_iter+0x15e/0x210 [ 500.267693][ T1554] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 500.267721][ T1554] vfs_write+0x52a/0x960 [ 500.267751][ T1554] ksys_write+0xda/0x1a0 [ 500.267777][ T1554] __x64_sys_write+0x40/0x50 [ 500.267881][ T1554] x64_sys_call+0x2802/0x3000 [ 500.267975][ T1554] do_syscall_64+0xd2/0x200 [ 500.268061][ T1554] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 500.268140][ T1554] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 500.268164][ T1554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 500.268186][ T1554] RIP: 0033:0x7fafb3ebd97f [ 500.268204][ T1554] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 500.268224][ T1554] RSP: 002b:00007fafb2927000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 500.268244][ T1554] RAX: ffffffffffffffda RBX: 00007fafb4115fa0 RCX: 00007fafb3ebd97f [ 500.268257][ T1554] RDX: 0000000000000036 RSI: 0000200000000100 RDI: 00000000000000c8 [ 500.268294][ T1554] RBP: 00007fafb2927090 R08: 0000000000000000 R09: 0000000000000000 [ 500.268307][ T1554] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000001 [ 500.268319][ T1554] R13: 00007fafb4116038 R14: 00007fafb4115fa0 R15: 00007fffb6a31e88 [ 500.268340][ T1554] [ 500.500457][ T1550] EXT4-fs (loop8): revision level too high, forcing read-only mode [ 500.509006][ T1550] EXT4-fs (loop8): orphan cleanup on readonly fs [ 500.526553][ T1550] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12139: corrupted inode contents [ 500.539569][ T1550] EXT4-fs (loop8): Remounting filesystem read-only [ 500.549627][ T1562] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12143'. [ 500.559574][ T1550] EXT4-fs (loop8): 1 truncate cleaned up [ 500.565560][ T3671] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 500.576290][ T3671] EXT4-fs (loop8): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 500.587759][ T3671] EXT4-fs (loop8): Quota write (off=8, len=24) cancelled because transaction is not started [ 500.603135][ T1562] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1562 comm=syz.1.12143 [ 500.604027][ T1550] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 500.664316][ T548] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 500.757828][ T1574] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 500.809583][ T1575] loop8: detected capacity change from 0 to 764 [ 500.825087][ T1575] iso9660: Unknown parameter '9p' [ 500.923991][ T1582] loop3: detected capacity change from 0 to 512 [ 500.964627][ T29] kauditd_printk_skb: 354 callbacks suppressed [ 500.964643][ T29] audit: type=1326 audit(1760349075.059:51607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1586 comm="syz.8.12154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fcb32bbd97f code=0x7ffc0000 [ 501.003080][ T1587] loop8: detected capacity change from 0 to 512 [ 501.010224][ T1582] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 501.018850][ T1587] EXT4-fs: Ignoring removed nobh option [ 501.025055][ T1582] EXT4-fs (loop3): orphan cleanup on readonly fs [ 501.032139][ T29] audit: type=1326 audit(1760349075.087:51608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1586 comm="syz.8.12154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fcb32bbef57 code=0x7ffc0000 [ 501.055983][ T29] audit: type=1326 audit(1760349075.087:51609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1586 comm="syz.8.12154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcb32bbd710 code=0x7ffc0000 [ 501.079809][ T29] audit: type=1326 audit(1760349075.087:51610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1586 comm="syz.8.12154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcb32bbeacb code=0x7ffc0000 [ 501.097434][ T1582] EXT4-fs error (device loop3): ext4_do_update_inode:5624: inode #16: comm syz.3.12151: corrupted inode contents [ 501.103571][ T29] audit: type=1326 audit(1760349075.106:51611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1586 comm="syz.8.12154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fcb32bbdb2a code=0x7ffc0000 [ 501.116289][ T1582] EXT4-fs (loop3): Remounting filesystem read-only [ 501.139831][ T29] audit: type=1326 audit(1760349075.106:51612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1586 comm="syz.8.12154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fcb32bbdb2a code=0x7ffc0000 [ 501.146733][ T1582] EXT4-fs (loop3): 1 truncate cleaned up [ 501.170090][ T29] audit: type=1326 audit(1760349075.106:51613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1586 comm="syz.8.12154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fcb32bbd617 code=0x7ffc0000 [ 501.170183][ T29] audit: type=1326 audit(1760349075.106:51614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1586 comm="syz.8.12154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fcb32bc066a code=0x7ffc0000 [ 501.176075][ T37] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 501.200043][ T29] audit: type=1326 audit(1760349075.106:51615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1589 comm="syz.2.12155" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8e548eec9 code=0x7ffc0000 [ 501.223924][ T37] Quota error (device loop3): write_blk: dquota write failed [ 501.246131][ T1587] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #3: comm syz.8.12154: corrupted inode contents [ 501.258421][ T37] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 501.266220][ T1587] EXT4-fs error (device loop8): ext4_dirty_inode:6509: inode #3: comm syz.8.12154: mark_inode_dirty error [ 501.278300][ T37] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started [ 501.289320][ T1587] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #3: comm syz.8.12154: corrupted inode contents [ 501.323483][ T1582] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 501.336965][ T1600] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12157'. [ 501.353457][ T1587] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #3: comm syz.8.12154: mark_inode_dirty error [ 501.372733][ T1602] netlink: 24 bytes leftover after parsing attributes in process `syz.9.12158'. [ 501.382867][ T1587] EXT4-fs error (device loop8): ext4_acquire_dquot:6945: comm syz.8.12154: Failed to acquire dquot type 0 [ 501.395813][ T1587] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12154: corrupted inode contents [ 501.408060][ T1587] EXT4-fs error (device loop8): ext4_dirty_inode:6509: inode #16: comm syz.8.12154: mark_inode_dirty error [ 501.420160][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 501.430244][ T1587] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12154: corrupted inode contents [ 501.443327][ T1602] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1602 comm=syz.9.12158 [ 501.450629][ T1587] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #16: comm syz.8.12154: mark_inode_dirty error [ 501.473269][ T1600] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1600 comm=syz.1.12157 [ 501.496526][ T1587] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12154: corrupted inode contents [ 501.509599][ T1587] EXT4-fs error (device loop8) in ext4_orphan_del:301: Corrupt filesystem [ 501.518309][ T1587] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12154: corrupted inode contents [ 501.538993][ T1587] EXT4-fs error (device loop8): ext4_truncate:4637: inode #16: comm syz.8.12154: mark_inode_dirty error [ 501.560778][ T1587] EXT4-fs error (device loop8) in ext4_process_orphan:343: Corrupt filesystem [ 501.572028][ T1587] EXT4-fs (loop8): 1 truncate cleaned up [ 501.589721][ T1587] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 501.602383][ T1614] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 501.612423][ T1611] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12160'. [ 501.631058][ T1587] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 501.649429][ T1587] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 501.733600][ T1626] pim6reg1: entered promiscuous mode [ 501.739275][ T1626] pim6reg1: entered allmulticast mode [ 501.796839][ T1625] !yz!: rxe_newlink: already configured on team_slave_0 [ 501.825595][ T1630] FAULT_INJECTION: forcing a failure. [ 501.825595][ T1630] name failslab, interval 1, probability 0, space 0, times 0 [ 501.838584][ T1630] CPU: 0 UID: 0 PID: 1630 Comm: syz.8.12170 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 501.838641][ T1630] Tainted: [W]=WARN [ 501.838648][ T1630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 501.838721][ T1630] Call Trace: [ 501.838730][ T1630] [ 501.838740][ T1630] __dump_stack+0x1d/0x30 [ 501.838765][ T1630] dump_stack_lvl+0xe8/0x140 [ 501.838790][ T1630] dump_stack+0x15/0x1b [ 501.838812][ T1630] should_fail_ex+0x265/0x280 [ 501.838930][ T1630] should_failslab+0x8c/0xb0 [ 501.839036][ T1630] __kmalloc_noprof+0xa5/0x570 [ 501.839074][ T1630] ? io_cache_alloc_new+0x2a/0xb0 [ 501.839149][ T1630] io_cache_alloc_new+0x2a/0xb0 [ 501.839189][ T1630] __io_prep_rw+0xcf/0x6d0 [ 501.839231][ T1630] ? __rcu_read_unlock+0x4f/0x70 [ 501.839258][ T1630] io_prep_rwv+0x33/0x250 [ 501.839327][ T1630] io_prep_writev+0x22/0x30 [ 501.839357][ T1630] io_submit_sqes+0x5ef/0x1060 [ 501.839417][ T1630] __se_sys_io_uring_enter+0x1c1/0x1b70 [ 501.839454][ T1630] ? 0xffffffff81000000 [ 501.839467][ T1630] ? __rcu_read_unlock+0x4f/0x70 [ 501.839605][ T1630] ? get_pid_task+0x96/0xd0 [ 501.839690][ T1630] ? proc_fail_nth_write+0x13b/0x160 [ 501.839727][ T1630] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 501.839844][ T1630] ? vfs_write+0x7e8/0x960 [ 501.839870][ T1630] ? __rcu_read_unlock+0x4f/0x70 [ 501.839904][ T1630] ? __fget_files+0x184/0x1c0 [ 501.839933][ T1630] ? fput+0x8f/0xc0 [ 501.840039][ T1630] __x64_sys_io_uring_enter+0x78/0x90 [ 501.840079][ T1630] x64_sys_call+0x2df0/0x3000 [ 501.840110][ T1630] do_syscall_64+0xd2/0x200 [ 501.840176][ T1630] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 501.840214][ T1630] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 501.840245][ T1630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.840268][ T1630] RIP: 0033:0x7fcb32bbeec9 [ 501.840283][ T1630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 501.840306][ T1630] RSP: 002b:00007fcb3161f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 501.840341][ T1630] RAX: ffffffffffffffda RBX: 00007fcb32e15fa0 RCX: 00007fcb32bbeec9 [ 501.840359][ T1630] RDX: 000000000000d480 RSI: 00000000000029ab RDI: 0000000000000006 [ 501.840375][ T1630] RBP: 00007fcb3161f090 R08: 0000000000000000 R09: 0000000000000000 [ 501.840387][ T1630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 501.840399][ T1630] R13: 00007fcb32e16038 R14: 00007fcb32e15fa0 R15: 00007fff988a1238 [ 501.840435][ T1630] [ 502.137618][ T1635] siw: device registration error -23 [ 502.147926][ T1639] loop9: detected capacity change from 0 to 7 [ 502.154864][ T1639] Buffer I/O error on dev loop9, logical block 0, async page read [ 502.163370][ T1639] Buffer I/O error on dev loop9, logical block 0, async page read [ 502.171411][ T1639] loop9: unable to read partition table [ 502.177508][ T1639] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 502.177508][ T1639] ) failed (rc=-5) [ 502.208702][ T1641] loop8: detected capacity change from 0 to 764 [ 502.217025][ T1641] iso9660: Unknown parameter '9p' [ 502.284069][ T1643] rdma_rxe: rxe_newlink: failed to add team_slave_0 [ 502.310906][ T1652] __nla_validate_parse: 1 callbacks suppressed [ 502.310926][ T1652] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12181'. [ 502.341545][ T1650] loop8: detected capacity change from 0 to 512 [ 502.348314][ T1650] EXT4-fs: Ignoring removed nobh option [ 502.362936][ T1652] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1652 comm=syz.3.12181 [ 502.395291][ T1650] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #3: comm syz.8.12179: corrupted inode contents [ 502.425673][ T1650] EXT4-fs error (device loop8): ext4_dirty_inode:6509: inode #3: comm syz.8.12179: mark_inode_dirty error [ 502.448639][ T1650] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #3: comm syz.8.12179: corrupted inode contents [ 502.464577][ T1650] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #3: comm syz.8.12179: mark_inode_dirty error [ 502.478009][ T1650] EXT4-fs error (device loop8): ext4_acquire_dquot:6945: comm syz.8.12179: Failed to acquire dquot type 0 [ 502.491353][ T1650] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12179: corrupted inode contents [ 502.504381][ T1650] EXT4-fs error (device loop8): ext4_dirty_inode:6509: inode #16: comm syz.8.12179: mark_inode_dirty error [ 502.516064][ T1650] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12179: corrupted inode contents [ 502.528455][ T1650] EXT4-fs error (device loop8): __ext4_ext_dirty:206: inode #16: comm syz.8.12179: mark_inode_dirty error [ 502.540064][ T1650] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12179: corrupted inode contents [ 502.552448][ T1650] EXT4-fs error (device loop8) in ext4_orphan_del:301: Corrupt filesystem [ 502.563160][ T1650] EXT4-fs error (device loop8): ext4_do_update_inode:5624: inode #16: comm syz.8.12179: corrupted inode contents [ 502.575384][ T1650] EXT4-fs error (device loop8): ext4_truncate:4637: inode #16: comm syz.8.12179: mark_inode_dirty error [ 502.642775][ T1650] EXT4-fs error (device loop8) in ext4_process_orphan:343: Corrupt filesystem [ 502.652773][ T1650] EXT4-fs (loop8): 1 truncate cleaned up [ 502.658945][ T1650] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 502.694681][ T1650] ext4 filesystem being mounted at /63/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 502.706475][ T1650] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 502.805103][ T1678] netlink: 20 bytes leftover after parsing attributes in process `syz.2.12185'. [ 502.960746][ T1683] FAULT_INJECTION: forcing a failure. [ 502.960746][ T1683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 502.974056][ T1683] CPU: 1 UID: 0 PID: 1683 Comm: syz.8.12191 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 502.974156][ T1683] Tainted: [W]=WARN [ 502.974166][ T1683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 502.974184][ T1683] Call Trace: [ 502.974193][ T1683] [ 502.974204][ T1683] __dump_stack+0x1d/0x30 [ 502.974230][ T1683] dump_stack_lvl+0xe8/0x140 [ 502.974257][ T1683] dump_stack+0x15/0x1b [ 502.974281][ T1683] should_fail_ex+0x265/0x280 [ 502.974397][ T1683] should_fail+0xb/0x20 [ 502.974429][ T1683] should_fail_usercopy+0x1a/0x20 [ 502.974450][ T1683] _copy_from_user+0x1c/0xb0 [ 502.974498][ T1683] sctp_setsockopt+0x154/0xe30 [ 502.974537][ T1683] sock_common_setsockopt+0x69/0x80 [ 502.974568][ T1683] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 502.974599][ T1683] __sys_setsockopt+0x184/0x200 [ 502.974700][ T1683] __x64_sys_setsockopt+0x64/0x80 [ 502.974741][ T1683] x64_sys_call+0x20ec/0x3000 [ 502.974771][ T1683] do_syscall_64+0xd2/0x200 [ 502.974804][ T1683] ? arch_exit_to_user_mode_prepare+0x27/0x80 [ 502.974855][ T1683] ? irqentry_exit_to_user_mode+0x7b/0xa0 [ 502.974898][ T1683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 502.975031][ T1683] RIP: 0033:0x7fcb32bbeec9 [ 502.975054][ T1683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 502.975081][ T1683] RSP: 002b:00007fcb3161f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 502.975107][ T1683] RAX: ffffffffffffffda RBX: 00007fcb32e15fa0 RCX: 00007fcb32bbeec9 [ 502.975125][ T1683] RDX: 0000000000000011 RSI: 0000000000000084 RDI: 0000000000000003 [ 502.975148][ T1683] RBP: 00007fcb3161f090 R08: 0000000000000008 R09: 0000000000000000 [ 502.975161][ T1683] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 502.975240][ T1683] R13: 00007fcb32e16038 R14: 00007fcb32e15fa0 R15: 00007fff988a1238 [ 502.975316][ T1683] [ 503.295733][ T1686] !yz!: rxe_newlink: already configured on team_slave_0 [ 503.313265][ T1688] loop9: detected capacity change from 0 to 512 [ 503.352703][ T1688] EXT4-fs (loop9): revision level too high, forcing read-only mode [ 503.367239][ T1688] EXT4-fs (loop9): orphan cleanup on readonly fs [ 503.375112][ T1688] EXT4-fs error (device loop9): ext4_do_update_inode:5624: inode #16: comm syz.9.12193: corrupted inode contents [ 503.387564][ T1688] EXT4-fs (loop9): Remounting filesystem read-only [ 503.394330][ T1688] EXT4-fs (loop9): 1 truncate cleaned up [ 503.400346][ T3684] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 503.410997][ T3684] EXT4-fs (loop9): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 503.440249][ T3684] EXT4-fs (loop9): Quota write (off=8, len=24) cancelled because transaction is not started [ 503.451156][ T1688] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 503.478214][ T1178] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 503.655211][ T1710] loop3: detected capacity change from 0 to 1024 [ 503.671342][ T1710] EXT4-fs: Ignoring removed orlov option [ 503.710095][ T1710] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 503.768041][ T1714] syz!: rxe_newlink: already configured on team_slave_0 [ 503.843689][ T1719] netlink: 24 bytes leftover after parsing attributes in process `syz.2.12205'. [ 503.865381][ T1719] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1719 comm=syz.2.12205 [ 503.944601][ T1723] loop8: detected capacity change from 0 to 1024 [ 503.954169][ T1723] EXT4-fs: Ignoring removed orlov option [ 503.985372][ T1723] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 504.136013][ T1737] loop2: detected capacity change from 0 to 512 [ 504.143456][ T1737] EXT4-fs: Ignoring removed nobh option [ 504.158733][ T1723] ================================================================== [ 504.167085][ T1723] BUG: KCSAN: data-race in filemap_read / filemap_read [ 504.174120][ T1723] [ 504.176573][ T1723] read to 0xffff888115e21528 of 8 bytes by task 1735 on cpu 0: [ 504.184222][ T1723] filemap_read+0x6f/0xa00 [ 504.188689][ T1723] generic_file_read_iter+0x79/0x330 [ 504.194205][ T1723] ext4_file_read_iter+0x1cc/0x290 [ 504.199368][ T1723] copy_splice_read+0x442/0x660 [ 504.204271][ T1723] splice_direct_to_actor+0x290/0x680 [ 504.209766][ T1723] do_splice_direct+0xda/0x150 [ 504.214568][ T1723] do_sendfile+0x380/0x650 [ 504.219061][ T1723] __x64_sys_sendfile64+0x105/0x150 [ 504.224286][ T1723] x64_sys_call+0x2bb4/0x3000 [ 504.229072][ T1723] do_syscall_64+0xd2/0x200 [ 504.233594][ T1723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.239587][ T1723] [ 504.241919][ T1723] write to 0xffff888115e21528 of 8 bytes by task 1723 on cpu 1: [ 504.249849][ T1723] filemap_read+0x974/0xa00 [ 504.254628][ T1723] generic_file_read_iter+0x79/0x330 [ 504.260047][ T1723] ext4_file_read_iter+0x1cc/0x290 [ 504.265189][ T1723] copy_splice_read+0x442/0x660 [ 504.270146][ T1723] splice_direct_to_actor+0x290/0x680 [ 504.275708][ T1723] do_splice_direct+0xda/0x150 [ 504.280579][ T1723] do_sendfile+0x380/0x650 [ 504.285052][ T1723] __x64_sys_sendfile64+0x105/0x150 [ 504.290357][ T1723] x64_sys_call+0x2bb4/0x3000 [ 504.295138][ T1723] do_syscall_64+0xd2/0x200 [ 504.299659][ T1723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 504.305663][ T1723] [ 504.307990][ T1723] value changed: 0x0000000000000121 -> 0x0000000000000122 [ 504.315368][ T1723] [ 504.317696][ T1723] Reported by Kernel Concurrency Sanitizer on: [ 504.324058][ T1723] CPU: 1 UID: 0 PID: 1723 Comm: syz.8.12207 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 504.335446][ T1723] Tainted: [W]=WARN [ 504.339339][ T1723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 504.349500][ T1723] ================================================================== [ 504.364017][ T1737] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #3: comm syz.2.12213: corrupted inode contents [ 504.378365][ T1737] EXT4-fs error (device loop2): ext4_dirty_inode:6509: inode #3: comm syz.2.12213: mark_inode_dirty error [ 504.401727][ T1737] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #3: comm syz.2.12213: corrupted inode contents [ 504.419483][ T1737] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #3: comm syz.2.12213: mark_inode_dirty error [ 504.446734][ T1737] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.12213: Failed to acquire dquot type 0 [ 504.471789][ T548] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 504.481453][ T1737] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.12213: corrupted inode contents [ 504.498177][ T1737] EXT4-fs error (device loop2): ext4_dirty_inode:6509: inode #16: comm syz.2.12213: mark_inode_dirty error [ 504.510183][ T1737] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.12213: corrupted inode contents [ 504.511488][T29965] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 504.531514][ T1737] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #16: comm syz.2.12213: mark_inode_dirty error [ 504.543352][ T1737] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.12213: corrupted inode contents [ 504.555594][ T1737] EXT4-fs error (device loop2) in ext4_orphan_del:301: Corrupt filesystem [ 504.564832][ T1737] EXT4-fs error (device loop2): ext4_do_update_inode:5624: inode #16: comm syz.2.12213: corrupted inode contents [ 504.577408][ T1737] EXT4-fs error (device loop2): ext4_truncate:4637: inode #16: comm syz.2.12213: mark_inode_dirty error [ 504.589353][ T1737] EXT4-fs error (device loop2) in ext4_process_orphan:343: Corrupt filesystem [ 504.598815][ T1737] EXT4-fs (loop2): 1 truncate cleaned up [ 504.604873][ T1737] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 504.617419][ T1737] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 504.628908][ T1737] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.